A successful hack on a Meta contractor has led to a data leak of 200,000 Facebook Marketplace user data on a hacking forum, Bleeping Computer reports. Numerous pieces of personally identifiable information (PII), such as names, phone numbers, email addresses, Facebook IDs, and profile details, are said to be contained in the compromised database.
The infamous threat actor IntelBroker reportedly claims to have exposed the partial Facebook Marketplace database on Breach Forums. As for email addresses alone, 24,127 are included in the leaked database, reportedly first made public on February 11th, along with other compromised data.
The threat actor claims this portion of the Facebook Marketplace database was taken by someone exploiting the 'algoatson' Discord name to breach the systems of a Meta contractor last October 2023.
Hackread notes that it is important that IntelBroker withheld the name of the contractor who was purportedly targeted. Facebook does not handle all Facebook Marketplace data through a single contractor company. Instead, depending on the particular data element, they utilize a mix of external partnerships and internal teams.
Renowned for their roles in multiple high-profile cyberattacks, such as the December 2023 leak of classified US Department of Defense secrets, IntelBroker has a history of breaking into networks and reselling stolen information on dark web forums.
Prior breaches that IntelBroker has taken advantage of include the General Electric security breach that resulted in the November 2023 auction of DARPA-related network access. In February 2023, 1.1 million accounts were compromised in the Grocery Service breach.
Facebook Hacked
Facebook has a history of being associated with data leaks. A database with the personal information of 533 million Facebook users surfaced for free online in 2022. Notably, the phone numbers of Dustin Moskovitz, Chris Hughes, and Mark Zuckerberg-three of Facebook's founders-were also reportedly exposed during this data breach.
The incident led to the social media giant Meta being fined €265 million ($275.5 million) for neglecting to prevent Facebook users' private information from being scraped by other parties. Facebook has been under fire for a long time for allowing other companies to gather or scrape user data, the most well-known incident being Cambridge Analytica.
Similarly, on a hacker forum in December 2019, hackers reportedly revealed the personal information of 267 million Facebook users. The users' names and email addresses of all e exposed in this incident, which was also the result of scraping activity.
Facebook Marketplace Users at Risk
Such sensitive personal data leaks carry a significant risk that they could have a long-lasting impact on people's lives. Threat actors use the data gathered to launch phishing scams, send malicious emails, and carry out other convincing assaults against people whose personal information was left vulnerable.
The leaked data can also reportedly be used to utilize publicly available mobile numbers and personal information in SIM swap attacks, which enables hackers to obtain multi-factor authentication tokens delivered via SMS and take control of their targets' accounts.
Related Article : LectureNotes Learning App Hit by Cyberattack; 2 Million Users Affected