Facebook data hack sees personal information of 1.5 billion users for sale

The personal information of over 1.5 billion Facebook users is currently posted for sale on the Dark Web.

The post, which appeared in late September, claimed to have the informational data of 1.5 billion users. This attack comes just as Facebook is experiencing an outage across its platforms including Instagram and WhatsApp. Though coincidental, it does seem that at the time of writing this, Facebook’s latest outage and latest data breech are unrelated.

“We’re aware that some people are having trouble accessing our apps and products,” Facebook said on its official Twitter account. “We’re working to get things back to normal as quickly as possible, and we apologise for any inconvenience.”

Image: Screenshot of original post on dark web

No stranger to this type of cyber breach, Facebook experienced a smaller leak earlier this year in April when data from 500 million users was compromised. Data leaks can include things like names, Facebook IDs, phone numbers, location data, and other sensitive information.

It is believed that “Web Scrappers” are to blame for the most recent attacks, following an anonymous post on a hacker forum. The post claimed to have access to the personal data of 1.5 billion Facebook users, which is currently up for sale.

The data was allegedly “scraped this year and emails and phone numbers are included as well”, the anonymous poster claims.

The hacker claimed to be part of a four-year-old data scraping operation with 18,000 clients.

Web Scrappers unlike hackers do not ‘illegally’ obtain users’ information through hacking, but rather compile lists of publicly available user information. Using automated software they are able to collect vast amounts of information from users’ public profiles.

Information that is obtained in this process is often passed onto cybercriminal markets that utilise this information to conduct sophisticated phishing attacks.

These attacks, often in the form of text or email, will redirect users to websites where they are asked to enter sensitive information including banking details, or other usernames and passwords.

Once they obtain these details, they are often sold on the dark web for further criminal activities.

Example of “SMS Phising” / Image: ISC

Following the attack earlier this year Facebook stated: “We understand people’s concerns, which is why we continue to strengthen our systems to make scraping from Facebook without our permission more difficult and go after the people behind it.”

However, that doesn’t exactly seem to be the case with the latest breach eclipsing previous numbers.