A new Facebook data breach has been discovered by cybersecurity researchers at Cyble. The report states that 267 million identities were sold for a little over $500 on the dark web, including users' first name, last name, age, status, Facebook ID, email, and last connection.
Cyble researchers were able to execute the sale and download the data. It's unclear as of writing how the data got stolen, but it's believed it might be due to scraping or a leak in a third-party API. Given that the data contain sensitive information, it might be used by cybercriminals for spamming and phishing.
The number of 267 million is not new when it comes to Facebook data breaches. It was only last year when the same number of identities were found for sale online. A representative for the social media platform said that they are looking into the matter, adding that the breach "is likely information obtained before changes we made in the past few years to better protect people's information."
Facebook is still recovering from the reputational damage that began with the Cambridge Analytica scandal and continued with various privacy and data protection issues. The stolen data is likely from a previous breach and does not suggest that Facebook has failed to improve its security protocols.
Passwords weren't included in the massive hack, but Cyble is advising Facebook users to change their passwords and ensure they are not reused elsewhere. With email addresses in hand, attackers can match those addresses against breaches that do include passwords, and then try various sites. Password reuse is the single biggest enabler of account hijacks.
Anybody using the internet must also enable two-factor authentication to ensure that attackers won't be able to access their accounts in the event of a breach. On Facebook, you can find this feature under the Security and Login setting.
Cyble Inc. has announced several data breaches in the past, including the recent Zoom hack that left thousands of users' data exposed online. Its mission is to provide organizations with a real-time view of cyber risks and threats.
The company uses a SaaS-based solution powered by human analysis and machine learning, which in turn provides businesses with knowledge of cyber attacks for them to be able to respond quickly.
Cybersecurity experts continue to advise users to tighten their privacy settings and be wary of suspicious text messages and emails. Cyble is currently indexing the data, and retail users can access it via AmIbreached.com.