- The researchers found a huge database on the dark web
- Threat actors claim to have scratched it by abusing a Facebook API
- Facebook says the database has years
A hacker claims to have scraped 1.2 billion Facebook user records, including people’s names, locations and telephone numbers. It is according to Cybernews cybersecurity researchers, who recently spotted a new thread on a Dark web forum, promoting the gigantic database.
In the thread, the threat actor claims to have generated an entirely new database (rather than compiling information that was already available in Dark web waters), and that it contains user identifiers, names, email addresses, user names, telephone numbers, locations, birthday data and gender information.
Cybernews researchers analyzed certain parts of the data and confirmed that it was legitimate (at least the parties they looked at). This means that the one who enters this database can use the information found inside to launch very convincing phishing attacks, engage in identity flight and perhaps even wire fraud.
Abuse extensions
But there are other things to consider. CYBERNEWS, for its part, says that the claim of 1.2 billion user files should be taken with a massive grain of salt, for a number of reasons.
First, the threat actor only published once before, so their reputation is questionable. Second, there was a similar, but smaller leak, in recent history, which encouraged researchers to suggest that it is perhaps the same archive, only re-elected with a little additional information.
The data would have been recovered by abusing a Facebook API. Meta, the parent company of the social media giant, has not denied it, but suggested that the attackers are simple fraudsters trying to share an old database as something completely new.
“This is not a new assertion. We disclosed years ago and took action to prevent similar incidents from performing since,” Meta spokesperson told Cybernews, and shared a link to the blog of a company on the way he fights scratching.
Researchers think it could be one of the biggest scratches of data to be came from Facebook and a testimony to the bad sense of security and privacy of the company:
“Repeated incidents show a pattern of reactive rather than proactive security measures, in particular with regard to the protection of publicly but always sensitive data. The absence of stronger guarantees and transparency undermines confidence and leaves millions of people potentially exposed to phishizing, scam, perhaps identity toft and long-term confidentiality problems,” said the team.
Via Cyberness
