Home Tech Urgent warning to Facebook Marketplace users as 200,000 accounts are leaked online – here’s how to protect your data

Urgent warning to Facebook Marketplace users as 200,000 accounts are leaked online – here’s how to protect your data

by Elijah
0 comment
Facebook Marketplace users have been warned to change their passwords and install two-factor authentication after a breach leaked the details of 200,000 accounts.

Facebook Marketplace users are at serious risk of phishing, identity theft and cyberattacks as hundreds of thousands of online accounts are leaked.

A massive data breach has exposed the phone numbers, email addresses and personal information of 200,000 users.

The data set, which MailOnline has confirmed is still available, is now on sale for cybercriminals to create targeted scams.

If you use Facebook Marketplace, experts assure you that it’s not too late to protect your personal data.

Jake Moore, global cybersecurity advisor at ESET, told MailOnline: “If you think you have been targeted, I would consider changing your password.”

Facebook Marketplace users have been warned to change their passwords and install two-factor authentication after a breach leaked the details of 200,000 accounts.

The data was posted on a hacking forum by a well-known cybercriminal operating under the alias IntelBroker.

In its post, IntelBroker stated: “In October 2023, a cybercriminal named “algoatson” on Discord breached a contractor who manages cloud services for Facebook and stole its partial user database of 200,000 entries.”

The leaked data contained a wide variety of personal information, including names, phone numbers, email addresses, Facebook IDs, and Facebook profile information.

The data has been verified as legitimate by beepcomputer who were able to match email addresses and phone numbers within the sample data.

InfoBroker is an extremely successful and professional hacker or group of hackers with a history of targeted breaches against high-profile targets.

Moore said: ‘The infamous InfoBroker has a track record of successfully breaking into networks.

“They have compromised health data before, so they have no morals or ethics, but they have also attacked HP and are looking for a lot of money as a result.”

The infamous cybercriminal IntelBroker leaked the database in a post on a hacking forum where he claimed that it had been stolen in October 2023.

The infamous cybercriminal IntelBroker leaked the database in a post on a hacking forum where he claimed that it had been stolen in October 2023.

He explains that this data would have been sold on the dark web for months for around $1 per data line.

Moore said: “This is a stark reminder that our data is a valuable currency, and the most up-to-date data is the most valuable to criminals.”

“Criminals can do a lot of damage with all the pieces (of information) when they put them all together from the dark web.”

Moore told MailOnline that the biggest concern is that cybercriminals could use this data to facilitate targeted attacks.

Particularly concerning are the 24,000 email addresses in the data set that have been linked to Facebook pages.

Moore explains that criminals can connect them with passwords that have previously been leaked to the dark web and use specific bots to hijack accounts.

He said: ‘Criminals today are looking for the chance to take over an account and they can do a lot with that.

“They might just take over a Facebook account to run ads, but sometimes they can get a little more nefarious and start messaging people from those accounts.”

In the worst case scenario, criminals can use your account to impersonate you and trick your friends and family into sending money.

Leaked phone numbers can also expose Facebook users to an attack called “SIM swapping.”

In these attacks, a criminal calls the mobile provider and impersonates a customer using details obtained from leaked data and public social networks.

They then convince the provider to transfer the phone number to a new SIM card.

To see if your accounts have been breached in the past, you can use sites like ‘Have I Been Pwned’, which check leaked databases.

However, these services will not have been updated with this breach data, so they will not be able to inform you of any recent breaches.

Moore recommends that you regularly update your passwords and avoid giving away too much information online that hackers can use against you.

It is also advisable to be very careful when dealing with unusual messages.

“If you receive emails, always think twice before clicking on a link and never disclose information about links that appear in emails and text messages,” Mr. Moore added.

Additionally, he recommends setting up two-factor authentication for all your accounts and using a strong authenticator app if possible.

Facebook has been contacted for comment.

PHISHING INVOLVES CYBERCRIMINALS TRYING TO STEAL PERSONAL INFORMATION

Phishing involves cybercriminals attempting to steal personal information such as online passwords, banking details or money from an unsuspecting victim.

Very often, the criminal uses a fake email, phone call, or even a website posing as a trusted company.

Criminals can use personal data to complete profiles of a victim that can be sold on the dark web.

Cybercriminals will use emails in an effort to obtain victims' personal information to commit fraud or infect the user's computer for nefarious purposes.

Cybercriminals will use emails in an effort to obtain victims’ personal information to commit fraud or infect the user’s computer for nefarious purposes.

Some phishing attempts involve criminals sending infected files in emails to take control of the victim’s computer.

Any means of social media or electronic communication can be part of a phishing attempt.

Action Fraud warns that you should never assume that an incoming message comes from a genuine company, especially if it requests payment or wants you to log into an online account.

Banks and other financial institutions will never send emails seeking passwords or other sensitive information.

An effective spam filter should protect against most malicious messages, although the user should never call the number at the bottom of a suspicious email or follow its link.

Experts advise that customers call the organization directly to see if the communication attempt was genuine.

According to Action Fraud: ‘Phishing emails encourage you to visit fake websites.

‘They usually come with an important-sounding excuse for you to take action in the email, such as telling you that your banking details have been compromised or claiming that they come from a company or agency and that you are entitled to a refund, refund, reward or discount.

‘The email instructs you to follow a link to enter crucial information such as login details, personal information, bank account details or anything else that can be used to defraud you.

‘Alternatively, the phishing email may try to encourage you to download an attachment. The email claims that it is something useful, such as a coupon that can be used to get a discount, a form that must be filled out to claim a tax refund, or software to add security to your phone or computer.

“It’s actually a virus that infects your phone or computer with malware, which is designed to steal any personal or banking information you’ve saved or hold your device ransom for a fee.”

Source: Action Fraud

You may also like