There is no doubt that Facebook has a long history of putting users' privacy at risk.
For reasons, this is because the social media giant thrives on having ads that follow its users all over the web. The more people rely on its services, the more the company knows how to connect the dots between the users.
And here, the data of hundreds of millions of Facebook users are being sold on dark web forum.
Initially, it was discovered that more than 260 million user profiles were on sale. And all that can be bought for just £500 or $540.
That before an unknown party expanded the list to 309 million, said cyber risk assessment platform Cyble Inc.
The database includes users’ full names, phone numbers, email addresses, Facebook IDs, age, and gender, according to the researchers.
Cyble's discovery only came weeks after its researchers found more than 500,000 Zoom users data are also being sold on dark web forums.
To know if the data is legit and the real thing, the researchers at Cyble bought the data and are making it available on their breach monitoring platform, AmIbreacher.com. This way, the company wants to make a searchable database for users to check if their accounts were involved in the security breach.
“At this stage, we are not aware of how the data got leaked at the first instance, it might be due to a leakage in third party API or scrapping," Cyble researchers said in post on a Medium blog post. “Given the data contain sensitive details on the users, it might be used by cybercriminals for phishing and spamming."
Sophos who also stumbled to the same database, said that this isn't the first time this database has been leaked.
Sophos said that the same database was previously “spotted by security researcher Bob Diachenko, taken down by the ISP hosting the page, reappeared, fattened up with another 42 million records in an Elasticsearch cluster on a second server, and then been destroyed by unknown actor(s) who replaced personal info with dummy data and swapped in database names labelled with this advice: ‘please_secure_your_servers’."
According to Sophos, Diachenko had partnered with tech comparison website Comparitech and found that the database has been exposed by about two weeks.
Sophos that also tracked the timeline for the breach between December 4, 2019 and March 4, 2020, said that “the initial breach exposed 267,140,436 records of what were mostly Facebook users in the U.S.."
These same records were exposed in March 2020 again, but had an additional 42 million records added to it, in line with Cyble's discovery.
Fortunately, passwords weren’t exposed in the breach.
However, that doesn’t mean that any other user data isn't useful. By matching all the necessary data, cybercriminals can use the cache information to perform spear-phishing or SMS attack campaigns that could result in unsuspecting victims handing over their credentials or worse.
While some of the leaked data can be gathered using data scraping tools, where bad actors scout the internet looking personal information that isn't protected, security experts recommend users to always change their account credentials, if ever they have been suspected of data leak.
On the web, people are always urged to use strong passwords that is hard to guess but easy to remember.
Facebook users who are at risk can also tweak their accounts' privacy settings to adjust who can see future and past posts, and who can see the people, Page and lists they follow.
"Cyble recommends users to tighten their privacy settings on their Facebook profiles, and be cautious of unsolicited emails and text messages," the researchers wrote.