Researchers from vpnMentor have found an open Elasticsearch database that appears to be owned by cybercriminals which contains over 100,000 Facebook users’ login credentials. It appears that fraudsters were using this database to store the information after they successfully scammed the login information from unsuspecting users. The scam that was used, according to the researchers, was sending a link to users that claims that if they enter their credentials, they will be able to see who has viewed their profile. The unsecured Elasticsearch database was 5.5 gigabytes and contains over 13 million records of at least 100,00 Facebook users. The database was discovered open on Sept 21st and closed the next day. The exposed database not only contained the Facebook users accounts and login credentials but also the IP addresses of the victims, text outlines that the criminals would use to direct people to malicious websites, and personally identifiable information such as emails, names, and phone numbers of bitcoin scam victims. The information in the database was stored in cleartext format which makes it very easy for anyone who accessed the database to steal the information and use it for their own scams.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in