By Nathalie Voit
The personal information of over 1.5 billion Facebook users is being sold online on a popular website for hackers in what is reportedly the largest and most significant data breach to date for the social media platform. However, the validity of the data dump is still in question, as experts suspect the offer could be a scam.
According to Privacy Affairs, a member of a known hacking forum claimed to have the personal information in late September. The hacker offered to sell the data to prospective buyers all at once or in chunks. One potential buyer claimed to have received a quote of $5,000 for the data of one million users. According to the seller, the data for each Facebook account includes name, location, email address, phone number, gender, and user ID.
Samples shared by the hacker appear to be authentic, Privacy Affairs reported. After cross-checking the data against previous Facebook leaks and finding no known matches, the outlet was able to verify that the sample data was indeed unique and not simply a duplicate or resell of old data.
The hacker claims to be in charge of a four-years-old Facebook data scraping operation with over 18,000 clients.
However, according to a forum user who claims to have paid the seller, the seller has yet to send him anything in return. Privacy Affairs can only attest to the authenticity of the multiple samples, which appear to be real.
Web scraping, as opposed to hacking, is a means of data extraction whereby publicly available information is accessed and organized into lists and databases. The information can be utilized for sophisticated phishing operations and scams. The data could also be sold to internet marketers who may bombard individuals with unsolicited advertising or robocalls.
Although no accounts appear to have been compromised at the time, takeovers could still occur if the data lands in the hands of the right cybercriminals. Data could also be used to target individuals with unwanted cold calls or promotional emails.
“Scammers can do an enormous amount with little information from us,” said CyberScout founder Adam Levin, a cybersecurity expert and consumer protection advocate. “It’s serious when phone numbers are out there. The danger when you have phone numbers, in particular, is a universal identifier.”
This is not the first time Facebook users have had their data stolen. A similar breach earlier this year saw the leaked data of 533 million users posted to an amateur hacking forum, according to NPR. In that breach, the scraped data was leaked online and posted to the dark web for free.
The news of the alleged data leak arrived amid a global outage affecting Facebook and its subsidiary platforms, Instagram and WhatsApp, on Oct. 4. The social media platforms were offline for much of the day, Newsweek reported.
“We’re aware that some people are having trouble accessing our apps and products,” Facebook said on its official Twitter account. “We’re working to get things back to normal as quickly as possible, and we apologize for any inconvenience.”
According to Privacy Affairs, the outage was unrelated to the hack and data sale scheme.