Since the data leak in early June of over half a billion private Facebook accounts has a certain Cambridge Analytica vibe around it, we decided to find out how this dataset is being sold and who the vendors and the interested buyers are. The initial hint was that the dataset could be found on an infamous forum well known for dealing in user databases and personal data.
First we tried to find the original sources of these accounts with our Dark Web Search Engine, and it turned out that the one and only source is apparently on the Clear Web. After that, our team tried to identify the vendor, and interestingly, we found that many interested buyers had already contacted him/her and tried to acquire the data.
Reading the discussions, it seems that many of them transferred the first payments, others complained about the general conduct of the vendor, and some eventually realized that the whole deal was a scam and reported the vendor. It was about mid-June when the forum admins became aware of the situation and banned the vendor for good, declaring all of his/her activity a scam. Considering these findings, we can assume that the vendor never had actual personal data from half a billion Facebook profiles, and that – in this particular case at least – no personal data of Facebook users was exposed.
So the vendor’s profile was banned on this forum, but exploring his/her earlier activities made it clear that a year earlier he/she had already tried to sell a considerable amount of personal data (unrelated to Facebook). That attempt also looks like a scam, and apparently he/she wasn’t able to make any deal, on this site at least. A quick look at his/her Telegram account tells us that the story goes back way beyond the alleged Facebook dataset, since the account description, like some advertisement, suggests that he/she has tried this scam on a regular basis.
While no actual personal data was involved in this case, we must remember that this is a real and ongoing issue that could affect any of us, and it will certainly be one of the greatest challenges facing the cybersecurity industry in the coming years. Thousands of datasets of personal and corporate data are available and being sold on the Dark Web and, more frequently, on the Clear Web too.
When personal data is at stake, one should always be cautious with third-party applications, especially when granting permissions and submitting personal data or identification numbers. In these situations we can always disable third-party access to our data.
Personal data that is released to third-party companies can be used for unwarranted advertisements or to engineer cyber attacks. When we receive an SMS message or an email that asks for our credentials, we should always make sure that the sender represents the same entity we contracted with before.
Authors: CyberIntelMatrix, Cyber Threat Intelligence Team