Stolen Facebook logins selling on dark web for just $3
The find, done by Independent, poses a major security risk as cybercriminals could gain access to personal information and use it to carry out attacks, extort money, or commit identity theft.
Here are the finer details.
Stolen Facebook logins selling on dark web
Dozens of listings
Dozens of listings found on underground marketplaces
The data from cyberattacks, especially those involving monetary information, usually ends up as a batch on the dark web.
But, in this case, Independent found dozens of hacked account listings, priced between $3 and $12, on dark web marketplaces like Dream Market.
This, considering the breach's scale, could mean the hacked data is valued at $150-600 million in the underground market.
Also, the data appears authentic
More worryingly, the data offered on these marketplaces also appears to be authentic.
Just like Amazon and eBay, shadow markets on the internet also follow a sellers rating program to indicate reliability and authenticity of the product they're offering.
In this case, most of the sellers offering hacked Facebook account details were rated above 4.5, which is definitely scary.
Love Tech news?
Stay updated with the latest happenings.
Possible security risks from the data
The data, if purchased by criminals using semi-anonymous currencies like Bitcoin, could pose a major security threat to Facebook users.
As cybersecurity experts suggest, they could use Facebook users' personal information to blackmail and extort money from them or to commit identity thefts.
Not to mention, the identities can even be sold to companies for the purpose of targeted advertising.
External accounts safe
Accounts logged-in via Facebook safe
While this revelation does indicate how valuable personal information is on the dark web, it is also worth noting that no third-party accounts connected to Facebook were compromised in the breach.
Many companies like Uber and Zomato offer Facebook as a quick-login option, but after sifting through logs for external accounts, the social network confirmed the breach was limited to its own platform.