Over the weekend, researchers at cybersecurity intelligence firm Cyble found a database of 267 million Facebook user profiles being sold on the Dark Web.
Seeking to verify the records and add them to the company’s breach notification service, investigators bought it … for a total of £500.
That equates to $540, or about 0.0002 cents per record. The records contained Facebook user IDs, which are unique public numbers associated with specific accounts and can be used to determine an account’s username and other profile information. The records also included full names, email addresses, phone numbers, last-login timestamps, relationship status, and age.
Fortunately, passwords were not exposed, but the breach still forms a perfect toolkit for an email or SMS phishing campaign that appears to come from Facebook. If enough users are fooled into clicking the spear-phishers’ manipulated links, it could lead to the exposure of even more valuable data.
How was the data leaked? In a blog post, Cyble said it doesn’t know, but its researchers suspect the records could have come from a hole in Facebook’s developer API or from scraping: the automated harvesting of publicly available data (such as the details people often post publicly on Facebook and other social media).
It keeps reappearing
However, the story does not end there. In fact, it doesn’t start there either. It turns out that this same database had been exposed before: it was spotted by security researcher Bob Diachenko; taken down by the ISP hosting the server; reappeared, fattened up with another 42 million records, in an Elasticsearch cluster on a second server; and was then wiped by unknown actors, who replaced the personal information with dummy data and renamed the databases with this advice: “please_secure_your_servers”.
Diachenko partnered with the technology comparison site Comparitech on that report last month. Comparitech said the database was exposed for nearly two weeks, available online without password protection, before it was removed.
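The exposure described above is the classic pattern of an Elasticsearch node bound to a public interface with security switched off. The following is an added illustration (not from the original report or from any of the parties involved) of what that weak elasticsearch.yml looks like beside a hardened one; it assumes an Elasticsearch 7.x single node, where xpack.security is off by default.

```yaml
# --- WEAK: what an exposed cluster typically looks like (constructed example) ---
# Listens on every interface, so the REST API on port 9200 is reachable from the internet.
network.host: 0.0.0.0
# No authentication at all: anyone who can reach port 9200 can read and overwrite every index.
xpack.security.enabled: false

# --- HARDENED: same node, constructed example ---
# Bind only to the loopback interface; expose the API via a reverse proxy or VPN if needed.
network.host: 127.0.0.1
# Require authentication for every request (built-in basic license feature in 7.x).
xpack.security.enabled: true
# Encrypt node-to-node traffic; required once security is enabled on a multi-node cluster.
xpack.security.transport.ssl.enabled: true
# After restarting with security on, set the built-in user passwords:
#   bin/elasticsearch-setup-passwords interactive
```

A quick self-check from outside the host, `curl -s http://<your-host>:9200/_cat/indices`, should return a connection refused or a 401, never an index listing.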
The timeline
This is what happened and when, according to Comparitech:
- December 4, 2019 – First database indexed by search engines.
- December 12, 2019 – The data was posted as a download on a hacker forum.
- December 14, 2019 – Diachenko discovered the database and immediately sent an abuse report to the ISP managing the server’s IP address.
- December 19, 2019 – Access to the database was removed.
- March 2, 2020 – The BinaryEdge search engine indexed a second server containing identical records plus an additional 42 million.
- March 4, 2020 – Diachenko discovered the second server and alerted the hosting provider.
- March 4, 2020 – The server was attacked and wiped by unknown actors.
The initial breach exposed 267,140,436 records of what were mostly US Facebook users. Diachenko said all the records appeared to be valid. The same 267 million records were exposed on the second server in March 2020, but this time the exposure included an additional 42 million records, hosted on a US-based Elasticsearch server.
Comparitech said 25 million of the new records contained similar information: Facebook ID, phone numbers and user names. But 16.8 million of the new records had even more, including gender, email address, date of birth, and other personal data.
How did they obtain this data?
Both Cyble and Diachenko are unsure how the breach occurred, but both suggest it could have been a hole in Facebook’s third-party developer API that existed before the platform restricted access to phone numbers, or a hole that still allows criminals to obtain user IDs and phone numbers even after Facebook restricted that access in the API.
Both Cyble and Diachenko say the records could alternatively have been harvested by scraping, which is a good reason to rethink how much data you share publicly on Facebook. In other words …
Stop exposing yourself!
The less personally identifiable information you give out, the less ammunition scammers have to lure you into clicking something dangerous in an email or SMS message, or to talk you into saying more than you should on the phone. The more scammers know about you, the more convincing they will sound. Too often, the thought of a potential victim is: “Hey, they know my date of birth and/or phone number and/or home address and/or fill in the blank. They must be legitimate!”
Beware of unsolicited emails and text messages, as they can be phishing attempts. Here’s how to limit the amount these scammers can get from you on Facebook:
- On Facebook, go to Settings and privacy.
- Select See more privacy settings.
- Set all relevant fields to Friends or Only me.
- Set “Do you want search engines outside of Facebook to link to your profile?” to No.
No passwords were involved in this breach, but it is still a good opportunity to make sure you have a strong password on Facebook and that you do not reuse it (or any other password) on any other site.
This breach has already given attackers a piece of the authentication puzzle they need to hijack your accounts: it exposed the email addresses of Facebook users. Once they know the email address you use on Facebook, they can look it up in the breach dumps that do include passwords. They will then try those username/password combinations on other sites to see where else you have (re)used the same credentials, all of which adds up to why using a password twice is a really bad idea.
Finally, if you are not yet securing your Facebook account with two-factor authentication (2FA), now is a good time to turn it on. It will help keep your account from being hijacked if your credentials leak, through this or any other breach. Even if attackers get your username and password, 2FA can prevent them from taking over your accounts. On Facebook, you can turn on 2FA under Settings > Security and Login.