Facebook Marketplace users are at serious risk of phishing, identity theft and cyberattacks as hundreds of thousands of online accounts are leaked.
A massive data breach has exposed the phone numbers, email addresses and personal information of 200,000 users.
The data set, which MailOnline has confirmed is still available, is now on sale for cybercriminals to create targeted scams.
If you use Facebook Marketplace, experts assure you that it’s not too late to protect your personal data.
Jake Moore, global cybersecurity advisor at ESET, told MailOnline: “If you think you have been targeted, I would consider changing your password.”
Facebook Marketplace users have been warned to change their passwords and enable two-factor authentication after a breach leaked the details of 200,000 accounts.
The data was posted on a hacking forum by a well-known cybercriminal operating under the alias IntelBroker.
In its post, IntelBroker stated: “In October 2023, a cybercriminal named ‘algoatson’ on Discord breached a contractor who manages cloud services for Facebook and stole its partial user database of 200,000 entries.”
The leaked data contained a wide variety of personal information, including names, phone numbers, email addresses, Facebook IDs, and Facebook profile information.
The data has been verified as legitimate by BleepingComputer, which was able to match email addresses and phone numbers within the sample data.
IntelBroker is an extremely successful and professional hacker or group of hackers with a history of targeted breaches against high-profile targets.
Moore said: “The infamous IntelBroker has a track record of successfully breaking into networks.
“They have compromised health data before, so they have no morals or ethics, but they have also attacked HP and are looking for a lot of money as a result.”
The infamous cybercriminal IntelBroker leaked the database in a post on a hacking forum where he claimed that it had been stolen in October 2023.
Moore explains that this data would have been sold on the dark web for months, at around $1 per line of data.
Moore said: “This is a stark reminder that our data is a valuable currency, and the most up-to-date data is the most valuable to criminals.”
“Criminals can do a lot of damage with all the pieces (of information) when they put them all together from the dark web.”
Moore told MailOnline that the biggest concern is that cybercriminals could use this data to facilitate targeted attacks.
Particularly concerning are the 24,000 email addresses in the data set that have been linked to Facebook pages.
Moore explains that criminals can connect them with passwords that have previously been leaked to the dark web and use specific bots to hijack accounts.
He said: “Criminals today are looking for the chance to take over an account and they can do a lot with that.
“They might just take over a Facebook account to run ads, but sometimes they can get a little more nefarious and start messaging people from those accounts.”
In the worst case scenario, criminals can use your account to impersonate you and trick your friends and family into sending money.
Leaked phone numbers can also expose Facebook users to an attack called “SIM swapping.”
In these attacks, a criminal calls the mobile provider and impersonates a customer using details obtained from leaked data and public social networks.
They then convince the provider to transfer the phone number to a new SIM card.
To see if your accounts have been breached in the past, you can use sites like ‘Have I Been Pwned’, which check leaked databases.
However, these services will not have been updated with this breach data, so they will not be able to inform you of any recent breaches.
Moore recommends that you regularly update your passwords and avoid giving away too much information online that hackers can use against you.
It is also advisable to be very careful when dealing with unusual messages.
“If you receive emails, always think twice before clicking on a link and never disclose information about links that appear in emails and text messages,” Mr. Moore added.
Additionally, he recommends setting up two-factor authentication for all your accounts and using a strong authenticator app if possible.
Facebook has been contacted for comment.