Hundreds of thousands of Facebook Marketplace users have had their personal information stolen and posted to a dark web forum, putting them at serious risk of phishing, identity theft and other cybercrime.
According to a BleepingComputer report, a known data leaker going by the alias IntelBroker posted a new thread on an underground forum, with 200,000 Facebook Marketplace records. The data includes people’s names, phone numbers, email addresses, Facebook IDs, and Facebook profile information.
The hacker claims this is a partial Marketplace database stolen by another threat actor, using the Discord alias “algoatson”. This person is said to have hacked into the systems of a Meta contractor late last year. “In October 2023, a cybercriminal going by the name ‘algoatson’ on Discord breached a contractor managing cloud services for Facebook and stole its partial user database of 200,000 entries,” IntelBroker reportedly said in the forum thread.
The publication said at least some of the data is valid because it involved random sampling and successful matching of email addresses and phone number information.
What can hackers do with your data?
IntelBroker is a well-known leaker, which has a long track record of leaks at major companies. Before Meta, IntelBroker shared sensitive data from DC Health Link, Hewlett Packard Enterprise (HPE), General Electric Aviation, Weee! and others.
Information like this is a veritable treasure trove for hackers around the world. By knowing the details about people’s personal lives, they can conduct convincing phishing attacks, break into their computers and smartphones, and possibly even steal money and cryptocurrencies. They can also target businesses, deploying various types of malware and ransomware and engaging in devastating Business Email Compromise (BEC) attacks.
Companies that experience data breaches often offer affected individuals free protection against identity theft.
Meta has yet to formally respond to the incident.