User IDs, real names, email addresses, phone numbers, and locations are among the data of more than 1.5 billion Facebook customers that’s up for sale, according to a report on the cybersecurity news outlet Privacy Affairs on Monday.
The going price has been quoted as $5,000 for a million names.
🚩🚩 Personal Information of Over 1.5 Billion Facebook Users Sold on Hacker Forum
– Phone number
— Privacy Affairs (@Privacy_Affairs) October 4, 2021
The data “appears to be authentic” and was obtained through “scraping” – getting the information that users set to ‘public’ or allow quizzes or other questionable apps or pages to access.
It’s the “biggest and most significant Facebook data dump to date,” according to the publication – about three times greater than the April leak of 533 million phone numbers.
Facebook said at the time this was “old data” and the security vulnerability responsible had been patched back in 2019.
Privacy Affairs reported that one purported buyer was quoted the price of $5,000 for a million entries. Another user claimed they had paid the seller but had received nothing, and the seller had not yet responded. The samples of data provided to the unnamed “popular hacking-related forum” appeared to be real, the outlet said.
Facebook, Messenger, WhatsApp, and Instagram, all owned by Zuckerberg’s social media behemoth, were struck by a serious global outage that began on Monday. However, the data dump doesn’t appear to be related to the outage itself.
The scraping obviously took place some time prior, with the first mention of it on the dark web being in early September.
As scraping Facebook data becomes harder some long-time actors are willing to sell their huge bulks on the darknet. The latest announcement contains 1.5 Billion entries and exceeds very much what we have seen so far. #facebook #api #leak #breach #darknet pic.twitter.com/ZhCQ7menhf
— Marc Ruef (@mruef) September 7, 2021
While the accounts affected have not been compromised in the strictest sense of the word, cybersecurity experts point out that the users affected will be at increased risk of getting unsolicited texts, ads, and emails from criminals who obtained the purloined data.