A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users.
BleepingComputer verified some of the leaked data by matching the email addresses and phone numbers on random records within the sample data shared by IntelBroker, the threat actor who leaked the data online.
A Meta spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
IntelBroker claims this partial Facebook Marketplace database was stolen by someone after they hacked the systems of a Meta contractor.
The leaked database contains a wide variety of personally identifiable information (PII), including names, phone numbers, email addresses, Facebook IDs, and Facebook profile information.
Threat actors can use the email addresses leaked online in phishing attacks and the Facebook Marketplace users' mobile numbers in mobile phishing attacks.
The exposed mobile numbers and personal info can also be used in SIM swap attacks that would allow attackers to steal multi-factor authentication codes sent via SMS and hijack their targets' accounts.
IntelBroker is known for the breach of DC Health Link, which led to a congressional hearing after the personal data of U.S. House of Representatives members and staff was leaked online.
Other cybersecurity incidents linked to IntelBroker are the sale of data stolen from Hewlett Packard Enterprise (HPE), an alleged breach of General Electric Aviation, and the breach of the Weee! grocery service.
The Facebook Marketplace data leak is not the first incident of this kind that Meta has experienced in recent years.
In November 2022, Meta was hit with a €265 million ($275.5 million) fine for failing to protect Facebook users' personal information from scrapers after data linked to more than 533 million Facebook accounts was leaked on a hacker forum in April 2021.
The stolen data first surfaced in a hacking community in June 2020, and it contained information that could be scraped from public profiles and the affected accounts' private mobile numbers.
533,313,128 Facebook users had their data leaked, with the exposed information including their mobile numbers, Facebook IDs, names, genders, locations, relationship statuses, occupations, dates of birth, and email addresses.
Almost every Facebook user record leaked in April 2021 included the users' mobile phone numbers, Facebook IDs, and names, according to samples of the Facebook data seen by BleepingComputer at the time.
The April 2021 data leak also included the phone numbers for three of Facebook's founders (i.e., Mark Zuckerberg, Chris Hughes, and Dustin Moskovitz).
Comments
Mahhn - 2 months ago
The questions should be: why was the data not encrypted at rest, why was the data being stored at all, and what executive is going to be severely punished for the policies and culture that caused this - just kidding about that last part, executives are immune to criminal charges.
DyingCrow - 2 months ago
People will keep using it, anyways. Maybe because they don't know, maybe because they don't care. If neither party cares, no harm was done, thus guess safeguarding the data is irrelevant.
Rolnado786 - 2 months ago
This news you post is copy paste mean you read from other sites and post your site can you know this forum url??
NoneRain - 2 months ago
huh?
PartyQ - 2 months ago
Follow the white rabbit neo, Why don't they do anything worth doing it's all data stealing hack the INSD base and then we'll be impressed