New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Information From 267 Million Facebook Profiles for Sale on Darkweb

Over the weekend, the cybersecurity intelligence firm Cyble discovered a threat actor selling a database that contains 267 million Facebook profiles for around $600. These profiles, mostly from users in the United States, were originally found last month on an open Elasticsearch database. The profiles on the database do not contain passwords but do include the user’s full name, phone number, and unique Facebook ID. Approximately 16.8 million Facebook profile records that also included email addresses, dates of birth and gender were later found on another unsecured Elasticsearch database. It is currently unknown how the data was originally leaked, but it is possible that the data was obtained by scraping Facebook profiles that had privacy settings configured to make the profile information publicly available.

Analyst Notes

Information like this is commonly used by attackers to create spear-phishing campaigns that are intended to steal login credentials using emails and SMS texts that pretend to be Facebook. If the phishing messages contain information such as the recipient’s date of birth, phone number or full name, they tend to be more successful. Facebook users, personal and business, are recommended to tighten their security and privacy settings on Facebook, enable multi-factor authentication whenever possible, and be extremely cautious of unsolicited emails or text messages.
For more information, please read: