Threat Watch

Exposed Database Reveals Compromised Facebook Accounts

Researchers from vpnMentor have found an open Elasticsearch database, apparently owned by cybercriminals, that contains over 100,000 Facebook users’ login credentials. It appears that fraudsters were using this database to store the credentials after successfully scamming them from unsuspecting users. According to the researchers, the scam involved sending users a link claiming that if they entered their credentials, they would be able to see who had viewed their profile. The unsecured Elasticsearch database was 5.5 gigabytes in size and contained over 13 million records of at least 100,000 Facebook users. The database was discovered open on Sept 21st and closed the next day. The exposed database contained not only the Facebook users’ accounts and login credentials but also the IP addresses of the victims, text outlines that the criminals would use to direct people to malicious websites, and personally identifiable information such as emails, names, and phone numbers of bitcoin scam victims. The information in the database was stored in cleartext, which made it very easy for anyone who accessed the database to steal the information and use it for their own scams.

ANALYST NOTES

It is highly recommended that all Facebook users create complex and unique passwords for their login and enable two-factor authentication for their Facebook account. Password generators can help because they use random characters for passwords. To help remember these passwords, there are a number of password storage programs available. Binary Defense recommends not storing passwords in a web browser, but instead using a separate password manager program. Malware often targets and successfully steals all passwords stored in web browsers, but it has a harder time stealing passwords from more secure password manager applications. For companies that use Elasticsearch or any other online storage solution, the vendors of these services will normally have security recommendations on how to lock the database against unwanted access. These recommendations should be followed, and security audits should be performed to verify that they have been applied effectively.

Source Article: https://threatpost.com/exposed-database-100k-facebook-accounts/161247/

How to set up Facebook two-factor authentication: https://www.facebook.com/help/148233965247823