A risk actor leaked 200,000 data on a hacker discussion board, claiming they contained the cell phone numbers, e mail addresses, and different non-public knowledge of Fb Market customers.
BleepingComputer verified one of the most leaked information through matching the e-mail addresses and get in touch with numbers on random data inside the pattern information shared through IntelBroker, the risk actor who leaked the information on-line.
A Meta spokesperson used to be no longer straight away to be had for remark when contacted through BleepingComputer previous nowadays.
IntelBroker claims this partial Fb Market database used to be stolen through somebody the usage of the ‘algoatson’ Discord take care of after hacking the methods of a Meta contractor.
“In October 2023, a cyber prison through the identify of ‘algoatson’ on Discord, breached a contractor that manages cloud services and products for Fb and stole its partial consumer database of 200,000 entries,” IntelBroker says.
The leaked database incorporates all kinds of in my opinion identifiable knowledge (PII), together with names, telephone numbers, e mail addresses, Fb IDs, and Fb profile knowledge.
Risk actors can use the e-mail addresses leaked on-line in phishing assaults and the Fb Market customers’ cell numbers cell phishing assaults.Â
The uncovered cell numbers and private data can be utilized in SIM switch assaults that will let them thieve multi-factor authentication codes despatched by way of SMS and hijack their objectives’ accounts.
​IntelBroker is understood for the breach of DC Well being Hyperlink, which resulted in a congressional listening to after the non-public information of U.S. Space of Representatives participants and body of workers used to be leaked on-line.
Different cybersecurity incidents related to IntelBroker are the sale of information stolen from Hewlett Packard Endeavor (HPE), an alleged breach of Normal Electrical Aviation, and the breach of the Weee! grocery provider.
The Fb Market information leak isn’t the primary incident of this type that Meta has skilled in recent times.
In November 2022, Meta used to be hit with a €265 million ($275.5 million) superb for failing to offer protection to Fb customers’ non-public knowledge from scrapers after information related to greater than 533 million Fb accounts used to be leaked on a hacker discussion board in April 2021.
The stolen information first surfaced in a hacking group in June 2020, and it contained knowledge that may be scraped from public profiles and the affected accounts’ personal cell numbers.
533,313,128 Fb customers had their information leaked, with the uncovered knowledge together with their cell numbers, Fb IDs, names, genders, places, courting statuses, occupations, dates of delivery, and e mail addresses.
Virtually each Fb consumer document leaked in April 2021 integrated the customers’ cell phone numbers, Fb IDs, and names, consistent with samples of the Fb information observed through BleepingComputer on the time.
The April 2021 information leak additionally integrated the telephone numbers for 3 of Fb’s founders (i.e., Mark Zuckerberg, Chris Hughes, and Dustin Moskovitz).
