Facebook Breach 2024: Sensitive User Data Up for Sale by Hacker on Breach Forums

RHC Dark Lab : 6 July 2024 09:46

Recently, a threat actor in an underground forum published an alleged data breach. This incident involves the purported exposure of a substantial Facebook user database. The compromised data includes sensitive user information such as full names, profiles, emails, phone numbers, date of birth, and locations. It is important to note that the information stems from a cybercriminal and should be approached with caution.

Al momento, non possiamo confermare la veridicità della notizia, poiché l’organizzazione non ha ancora rilasciato alcun comunicato stampa ufficiale sul proprio sito web riguardo l’incidente. Pertanto, questo articolo deve essere considerato come ‘fonte di intelligence’.

The reaction of interest from the criminal underground made itself immediately felt with over 50 responses to the post and a viewing by 3563 people since yesterday when the message appeared.

Details of the Alleged Violation

According to the forum post by the user ‘b1nary01’, the compromised Facebook user database for 2024 has been uploaded, consisting of 100,000 lines of user information. The data purportedly includes:

• Full Name
• Profile URL
• Email Address
• Phone Number
• Date of Birth
• Location

The post also includes a sample of the compromised data, indicating various personal details for a few individuals, but this sensitive information is not reproduced here for privacy reasons. The data file is available in XLSX format and can be unlocked on the forum for 8 credits.

Information on the Objective of Threat Actors

Facebook, a globally recognized social media platform, operates with a massive user base of over 2.8 billion monthly active users as of 2024. With a workforce exceeding 80,000 employees worldwide, Facebook’s services span across multiple sectors, including social networking, advertising, and digital communication. The potential motives behind such breaches often include financial gain through the sale of personal information, identity theft, and the exploitation of users’ data for various malicious activities.

Implications of the Breach

If the alleged breach is genuine, the implications for affected Facebook users could be severe. The exposed data can lead to:

1. Identity Theft: With full names, emails, phone numbers, and dates of birth exposed, threat actors can impersonate individuals to commit fraud.
2. Phishing Attacks: Compromised email addresses and phone numbers can be used for targeted phishing campaigns to extract further sensitive information or infect devices with malware.
3. Privacy Violations: Users’ personal and location information being publicly accessible infringes on their privacy rights.
4. Reputational Damage: For Facebook, another data breach could further erode user trust and damage its reputation, impacting its user base and business operations.

Conclusion

The potential Facebook data breach highlighted by the forum post underscores the ongoing challenges and risks associated with data security in the digital age. As is our custom, we always leave room for a statement from the company should they wish to provide us with updates on the matter. We would be happy to publish such information with a specific article highlighting the issue.

RHC Dark Lab will monitor the evolution of the situation in order to publish further news on the blog, should there be substantial updates. If there are individuals with knowledge of the facts who wish to provide information anonymously, they can use the whistleblower’s encrypted email.

This article has been compiled based on public information that has not yet been verified by the respective organizations. We will update our readers as more details become available.

RHC Dark Lab
RHC Dark Lab is a group of experts from the Red Hot Cyber community dedicated to Cyber Threat Intelligence led by Pietro Melillo. Participating in the collective, Sandro Sana, Alessio Stefan, Raffaela Crisci, Vincenzo Di Lello, Edoardo Faccioli. Their mission is to spread knowledge about cyber threats to improve the country's awareness and digital defences, involving not only specialists in the field but also ordinary people. The aim is to disseminate Cyber Threat Intelligence concepts to anticipate threats.