The private and personal information of more than 1.5 billion Facebook users is sold on a popular hacking forum, potentially allowing cybercriminals and unscrupulous advertisers to target Internet users around the world.
This is the largest and most important Facebook data dump to date. Apparently it has nothing to do with the 2021 Facebook data dump.
In late September 2021, a user of a known hacker forum posted an announcement claiming to have the personal data of more than 1.5 billion Facebook users. The data is currently sold on the respective forum platform, and potential buyers have the opportunity to purchase all the data at once or in smaller quantities.
A potential buyer claims to have been offered $5,000 for the data of 1 million Facebook user accounts.
According to the forum banner, the data provided includes the following personal information of Facebook users:
Some users of the forum claim that they paid the seller but received nothing in return. The seller has not yet responded to these accusations. All we know at the moment is that the multiple examples provided to forum users turned out to be real.
The examples presented on the forum show that the data is indeed real.
Cross-checking these with known Facebook database leaks resulted in no matches, implying at first glance that the sample data provided was unique and not a previously known data breach or scrape copy or resale.
The seller claims to have had over 18,000 customers during that time, representing a group of web scrapers that have been in operation for at least four years.
Data Obtained by Scraping
The traders claim to obtain the data by scraping individual users’ accounts rather than hacking or compromising them. Scraping is a web data extraction or collection process in which publicly available data is accessed and organized into lists and databases.
While technically no accounts have been compromised, this is hardly any consolation for those whose data could now fall into the hands of unscrupulous internet marketers and possibly cybercriminals.
Unethical marketers may use this data to bombard certain individuals or groups of individuals with unwanted advertisements.
It is particularly worrying that phone numbers, real-life locations, and users’ full names are included in the data. Also, SMS and push notification spam are becoming more and more common, even though most countries made these apps illegal years ago.