Stolen Facebook logins selling on dark web for just $3
A number of Facebook accounts compromised in the recent data breach have been spotted on the dark web, selling for just $3 (Rs. 220). The find, done by Independent, poses a major security risk as cybercriminals could gain access to personal information and use it to carry out attacks, extort money, or commit identity theft. Here are the finer details.
Dozens of listings found on underground marketplaces
The data from cyberattacks, especially those involving monetary information, usually ends up as a batch on the dark web. But, in this case, Independent found dozens of hacked account listings, priced between $3 and $12, on dark web marketplaces like Dream Market. This, considering the breach's scale, could mean the hacked data is valued at $150-600 million in the underground market.
Also, the data appears authentic
More worryingly, the data offered on these marketplaces also appears to be authentic. Just like Amazon and eBay, shadow markets on the internet also follow a sellers rating program to indicate reliability and authenticity of the product they're offering. In this case, most of the sellers offering hacked Facebook account details were rated above 4.5, which is definitely scary.
Possible security risks from the data
The data, if purchased by criminals using semi-anonymous currencies like Bitcoin, could pose a major security threat to Facebook users. As cybersecurity experts suggest, they could use Facebook users' personal information to blackmail and extort money from them or to commit identity thefts. Not to mention, the identities can even be sold to companies for the purpose of targeted advertising.
Accounts logged-in via Facebook safe
While this revelation does indicate how valuable personal information is on the dark web, it is also worth noting that no third-party accounts connected to Facebook were compromised in the breach. Many companies like Uber and Zomato offer Facebook as a quick-login option, but after sifting through logs for external accounts, the social network confirmed the breach was limited to its own platform.
