Cyber-security intelligence firm Cyble last weekend discovered that personal data of 267 million Facebook users were being sold on the Dark Web and through hacking forums for £500.

The leaked data includes email addresses, names, Facebook IDs, dates of birth, and phone numbers. Thankfully, these records do not contain user passwords. However, the leaked data is enough to perform spear-phishing and malware scams against victims to steal credentials.

Cyble told BleepingComputer that their researchers purchased and verified the database themselves and they are adding details of the affected Facebook accounts to their breach notification service. Users can go to this link to check if their Facebook account was compromised.

“At this stage, we are not aware of how the data got leaked at the first instance. It might be due to a leakage in third-party API (Application Programming Interface) or scrapping,” Mr. Beenu Arora, CEO and Founder of Cyble said in a statement.

Cyble recommends users to tighten their privacy settings on their Facebook accounts, and be cautious of unsolicited emails and text messages.

In December 2019, a similar trove of more than 267 million Facebook users’ personal information was left exposed in an open Elasticsearch database on the Dark Web. This trove was discovered by Comparitech in collaboration with security researcher Bob Diachenko.

The database was openly accessible by anyone without a password or any form of authentication and comprised full names, phone numbers, and user IDs of 267,140,436 Facebook users, mostly residing in the U.S.


Please enter your comment!
Please enter your name here