A cybercriminal actor on the dark web has made available a dataset of Facebook accounts belonging to 267 million users, recently selling the collective lot to researchers for 500 Euros.
User data includes one’s email address, first and last names, phone number, Facebook ID, last connection, status and age, according to a blog post report from Cyble, whose researchers purchased the data.
Researchers at Sophos crunched the numbers and determined that the price point of 500 Euros equals roughly $540, or approximately 0.0002 cents per record. Buyers who scoop up this dataset can potentially use the information within for phishing and spamming purposes.
Sophos also noted that this same data set has appeared before on the dark web, and uncovered by security researcher Bob Diachenko, working with the cyber firm Comparitech.
Comparitech last month reported that the data was lifted from an openly exposed Elasticsearch cluster and posted on the dark web in December. The ISP managing the IP address of the Elasicsearch server removed the database after being alerted to the situation. Then, in March, a second server containing identical records, plus 42 million more, was discovered. This server was attacked and destroyed by unknown actors.
Diachenko, Comparitech and Cyble all suspect that the compromised Facebook information may have initially been exposed due to an illegal data scraping program or leakage in/abuse of a third-party API.