Application security, Breach, Threat Management, Data Security

Details on 267M Facebook users sold for cheap on dark web

A cybercriminal actor on the dark web has made available a dataset of Facebook accounts belonging to 267 million users, recently selling the collective lot to researchers for 500 Euros.

User data includes one's email address, first and last names, phone number, Facebook ID, last connection, status and age, according to a blog post report from Cyble, whose researchers purchased the data.

Researchers at Sophos crunched the numbers and determined that the price point of 500 Euros equals roughly $540, or approximately 0.0002 cents per record. Buyers who scoop up this dataset can potentially use the information within for phishing and spamming purposes.

Sophos also noted that this same data set has appeared before on the dark web, and uncovered by security researcher Bob Diachenko, working with the cyber firm Comparitech.

Comparitech last month reported that the data was lifted from an openly exposed Elasticsearch cluster and posted on the dark web in December. The ISP managing the IP address of the Elasicsearch server removed the database after being alerted to the situation. Then, in March, a second server containing identical records, plus 42 million more, was discovered. This server was attacked and destroyed by unknown actors.

Diachenko, Comparitech and Cyble all suspect that the compromised Facebook information may have initially been exposed due to an illegal data scraping program or leakage in/abuse of a third-party API.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.
Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds