Threat actors are selling over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.
Last month, security researcher Bob Diachenko discovered an open Elasticsearch database that contained a little over 267 million Facebook records, with most being users from the United States.
For many of these records, they contained a user’s full name, their phone number, and a unique Facebook ID.
The ISP hosting the database eventually took the server offline after being contacted by Diachenko.
Soon after, a second server containing the same data plus an addition 42 million records was brought online but was quickly attacked by unknown threat actors who left a message telling the owners to secure their servers.
Of this new data, 16.8 million records included more information such as a Facebook user’s email address, birth date, and gender.
It was not discovered who these servers belonged to, but Diachenko believed that it was owned by a criminal organization who stole the data using the Facebook API before it was locked down or via scraping public profiles.