- The researchers found a large database on the dark website
- The threat that actors claim to have it abusing a Facebook API
- Facebook says that the database has years
A hacker claims to have 1.2 billion of Facebook users records, including the names of people, locations and telephone numbers. This is according to cybersecurity researchers Cybernews, who recently saw a new thread in a dark web forum, promoting the gigantic database.
In the thread, the threat actor claims to have generated a completely new database (instead of compiling information that was already available in the murky waters of the dark website), and that contains user ID, names, email addresses, user names, telephone numbers, locations, birthday data and gender information.
Cybernew researchers analyzed parts of the data and confirmed that it is legitimate (at least the parties they observed). This means that whoever takes this database can use the information inside to launch very convincing phishing attacks, participate in identity theft and possibly even wire fraud.
Abuse extensions
But there are other things to consider. Cybernews, for example, says that the claim of 1.2 billion user records should be taken with a massive salt grain, for several reasons.
First, the threat actor only published once before, so his reputation is questionable. Secondly, there has been a similar, but smaller filtration, in recent history, which leads researchers to suggest that perhaps this is the same file, only packaged with a little additional information.
The data were supposedly collected by abusing a Facebook API. Meta, the parent company of the giant of social networks, did not deny it, but suggested that the attackers are simple scammers that try to share a previous database as something completely new.
“This is not a new claim. We declined this years ago and we have taken measures to prevent similar incidents from happening,” said a goal spokesman, Cybernews said, and shared a link to a company’s blog about how the scratch fights.
Researchers believe that this could be one of the greatest scratches of data that come from Facebook, and a testimony of the evil sense of security and privacy of the company’s clients:
“Repeated incidents show a pattern of reactive security measures instead of proactive, particularly when it comes to protecting data that are publicly visible but still sensitive. The lack of safeguards and stronger transparency undermines confidence and leaves millions potentially exposed to phishing, the squamous, possibly identity theft and long -term problems,” the team said.
Through Cybernews
