Facebook, still struggling to repair the reputational damage that came with the Cambridge Analytica scandal, has been struck with yet another data breach.
Two weeks ago, Cyble, a cybersecurity firm, exposed the sale of around 500,000 Zoom accounts on the dark web. The firm now has now reported the sales of 267 million Facebook profile details on the same platform, only for $540.
The report states:
One of the threat actors have dropped an online bomb by dropping the identities of 267 Million Facebook Users for 500 Euros – the details include their Email, F-Name, L-Name, phone, Facebook ID, last connection, status, age.
Even though the data does not include passwords, it can easily be used to craft a text or email phishing campaign on behalf of Facebook. Even if a small number of users fall into the trap, much more valuable data can be stolen.
#Exclusive & #Breaking – 267 Million @Facebook Identities Sold for 500 Euros – online identities value is diminishing these days!https://t.co/UfEcsLBiKz#DarkWeb #ThreatIntel @BleepinComputer @Bank_Security @USCERT_gov @IndianCERT @NCSCgov @EU_Commission pic.twitter.com/iWXmu1r78M
— Cyble (@AuCyble) April 20, 2020
This is not the first time a massive amount of Facebook data is being sold on furtive data markets. The same number of mostly U.S. records was found online for sale last year. At that time, the social media giant explained:
We are looking into this, but believe it is likely information obtained before changes we made in the past few years to better protect people’s information.
However, even if the data breach is from last year’s data, it does not hide the fact that Facebook’s systems are still loaded with loopholes, and no one on the platform is safe.