The news was first reported by Privacy Affairs, a data privacy and cybersecurity research website. Privacy Affairs states that the data leaked appears to be authentic — and, if accurate, would represent the largest data leak ever recorded. It is important to note that this data dump is not related to the global Facebook outage experienced on 4 October 2021. Another crucial piece of information pertains to how the data was made available. Privacy Affairs clarified that the information was obtained by scraping publicly available data. It also added that many media outlets and Twitter users incorrectly believe that the leak was a result of a hack or data breach. Furthermore, Privacy Affairs released an update, where it said that some forum users say they were scammed by the seller. This increases speculation about the authenticity and the magnitude of the data leak.
Personal Data Being Sold on Hacking Forum
According to Privacy Affairs, the private information in question is up for sale on a known hacker forum. Potential buyers have the choice to purchase all the data at once or in smaller batches. The seller claims to represent a group of web scrapers who have been functional for at least four years, claiming they have had over 18,000 clients in that time frame. The seller first posted an announcement in late September, claiming to possess the information of over 1.5 million Facebook users. They added that the data provided contains the following personal information:
Name Email Location Gender Phone number User ID
One prospective buyer was allegedly quoted $5,000 for the data of 1 million Facebook user accounts. Privacy Affairs conducted a preliminary investigation to check the authenticity of the data. For this, the researchers cross-checked the information with known Facebook database leaks. The exercise revealed no matches, meaning the sample data provided seems to be unique and not a duplicate or re-sell of a previously known data breach or scraping.
Data Obtained by Scraping
The seller also stated the data was obtained via scraping. Data scraping is the mass extraction of personal information and profile data from social media platforms and websites without the specific permission of the data owner. This means that, technically, no accounts were compromised in gathering the data. However, this provides little consolation, as the information can still end up in the hands of malicious cyber actors. The leaked data includes information such as phone numbers, real-life locations, and users’ full names. Researchers worry about unethical marketers who can use this data to unleash and an avalanche of unsolicited advertisements on the hapless users. SMS and push notification spam are becoming increasingly more prevalent, even though most countries made these practices illegal many years ago. Apart from spam, the information can also be used for more dangerous activities, such as phishing or social engineering attacks. Cybercriminals can potentially send fake text messages to affected users. They usually pretend to be entities like Facebook or banks as they entice users to click on a link to update security settings, change passwords, or even claim a prize.
Protect your Privacy on Facebook
A large quantity of scraped data is easily accessible since this information is freely shared and made accessible through “public” Facebook profiles. Apart from public data, a common but illegal way to scrape information is through fake surveys or quizzes. These quizzes are often schemes to obtain personal information. When a user takes one of these surveys or quizzes, they permit the creators to view their information. Facebook has over 2.7 billion users, which represents close to a third of the world’s population. Chances are that most people who use the internet have a Facebook presence. It is very important to ensure you do everything at your end to secure your Facebook privacy. A key way to secure your account from data scraping is to not make it completely public. Furthermore, when taking a quiz or a survey, always ensure that it is being offered by a known and verified publisher. To learn more about how to protect your privacy on Facebook, check out our ultimate Facebook settings guide. You can also read more about popular Facebook scams in our resource article. To learn more about what information Facebook knows about you, click here.