Cybersecurity researchers say 267 million Facebook profiles have sold on the dark web for just $540. According to Cybersecurity firm Cyble, most of the accounts sold on the dark web contain email addresses, names, Facebook IDs, dates of birth, and phone numbers. Thankfully, no passwords were exposed by the hacker.
While cybersecurity researchers don’t know how the hacker managed to obtain data of over 267 million Facebook accounts, they suspect it might be due to a leakage in third-party API or scrapping.
“Given the data contain sensitive details on the users, it might be used by cybercriminals for phishing and spamming,” reads a blog post from the researchers.
Late last year, the online database exposed the names, Facebook ID, and phone numbers of more than 267 million people. The database was available online without a password, allowing anyone to access sensitive information. Cybersecurity researchers traced the database to Vietnam.
Facebook in November last year also admitted that some 100 app developers had access to users’ data through private groups. In the past few years, Facebook has been criticised over how it shares user data with third parties. In 2018, Facebook was in the center of controversy when Cambridge Analytica had purchased Facebook data on tens of millions of Americans without their consent and used it for political advertising.
Here’s how to protect your Facebook account for being hacked
The best way users can protect their Facebook account is by changing their passwords and ensure that they have not reused the current password elsewhere. You are also advised to enable two-factor authentication. This ensures username and password breach will not enable an attacker to access your account.
Cyble researchers have created a breach monitoring platform called AmIbreached.com, where users can check whether their email addresses have been found in dark web data.