Facebook profiles of over 267 million users sold on dark web, hacking forums

Facebook profiles of over 267 million users were sold on the dark web and hacker forums for $623 (₹47,900 approx). These Facebook profiles don't include passwords but contain details like email addresses, phone numbers, personal details and more.

This began with security researcher Bob Diachenko discovering an Elasticsearch database with over 267 Facebook profiles of users mostly from the US, Bleeping Computer reported. This was later removed by the ISP hosting it after being informed about it. However, there was another data with the same profile data along with 42 million more was created.

In this database unknown hackers left a message warning users to keep their servers secure. This database too contained information like the Facebook user's email address, birthdate, and gender. It is believed that these servers belonged to a criminal organisation who stole all the data using the Facebook API before it was taken off.

Cybersecurity intelligence firm Cyble then discovered that the stolen Facebook data was being sold on the dark web and on hacking forums. Cyble bought the database to conduct an investigation on how the Facebook data got leaked in the first place. It is speculated that the data could have been stolen through third-party Facebook APIs. While the stolen data doesn't contain account passwords, the email addresses can be used for phishing and scamming by cybercriminals.