If you want a copy of a chunk of what was collected in the massive Facebook data leak, it reportedly will only set you back $1,000.
Last week, we reported on the latest massive data leak from Facebook where 419 million phone numbers became publicly accessible. Facebook, for its part, tried to dismiss the leak as being really old. By old, they mean at least a year old now. While it was an effort to downplay the severity of the leak, it seems others are seeing the massive trove of personal information as being a bit more valuable then that.
According to a report on CNet, someone is attempting to sell the massive data dump on a hacking web forum. Reportedly, 220 million of the 419 million is up for sale. The asking price? A mere $1,000. From CNet:
The price for buying Facebook user data in bulk: $1,000.
Elliott Murray, CEO of UK-based cybersecurity company WebProtect, found the information for sale on the web forum in May. He believes it’s the same list that TechCrunch reported Wednesday was found on an unsecured web server by cybersecurity researcher Sanyam Jain. The list, which Facebook said Wednesday contained old data scraped from a feature it’s since disabled, was posted to the web forum by a seller who said he was based in Vietnam and had put the data together for marketing purposes.
Murray’s find indicates that the scraped data was making its way around the web in addition to ending up on an unsecured server, and was in the hands of at least one person who saw it as a marketing tool — and a chance to make some quick cash. Facebook acknowledged in April 2018 that a feature meant to let users look each other up by phone number had been abused to scrape numbers. The numbers were also public on the users’ profiles at the time they were scraped, Facebook said.
Regarding the discovery that the data was for sale, the spokeswoman said in a statement that web scraping is “an industrywide challenge,” adding, “in this case, as we announced in April 2018, people’s publicly available phone numbers were scraped in violation of our policies. That is why we removed the ability to find friends using their phone number, because we learned that malicious actors abused this feature.”
Of course, what’s interesting about some of these comments is the fact that, last year, Facebook themselves were accused of taking all the phone numbers that they promised would be used for security purposes, then turned around and used that information to sell ads. What the hacker in question is saying is that he is basically doing what Facebook is accused of doing to a degree when that hackers says its for marketing purposes. Now, Facebook is seemingly on the other side of the fence calling the scraping of information an “industrywide challenge”. On that angle, you can get that sense of irony in all of this.
At any rate, there are certainly those that see value in the so-called “old” data. It’ll be interesting to see how long privacy issues surrounding Facebook will continue to make headlines.
Drew Wilson on Twitter: @icecube85 and Facebook.
