Facebook Marketplace users are at serious risk of phishing, identity theft and cyber attacks as hundreds of thousands of accounts are leaked online.
A major data breach has exposed the phone numbers, email addresses and personal information of 200,000 users.
The dataset, which MailOnline has confirmed is still available, is now being sold to cybercriminals to create targeted scams.
If you use Facebook Marketplace, experts say it is not too late to protect your personal information.
Jake Moore, global cybersecurity advisor for ESET, told MailOnline: ‘If you think you are being targeted then I would consider changing your password.’
The data was posted on a hacking forum by a known cybercriminal operating under the alias IntelBroker.
In their post, IntelBroker claimed: “In October 2023, a cybercriminal going by the name ‘algoatson’ on Discord breached a contractor managing cloud services for Facebook and stole its partial user database of 200,000 entries.”
The leaked data contained a wide variety of personal information, including names, phone numbers, email addresses, Facebook IDs, and Facebook profile information.
The data has been verified as legitimate by BleepingComputer, which was able to match the email addresses and phone numbers in the sample data.
IntelBroker is an extremely successful and professional hacker or hacker group with a history of breaches against high-profile targets.
Mr Moore said: ‘The infamous IntelBroker has a history of successfully breaking into networks.
‘They’ve compromised health data before, so they have no morals or ethics, but they’ve also targeted HP so they’re looking for a lot of money as a result.’
He explains that this data would have been sold on the dark web for months for about $1 per line of data.
Mr Moore said: ‘This is a stark reminder that our data is a valuable currency, and the most up-to-date data is the most valuable to criminals.
‘Criminals can do a lot of damage with all the pieces (of information) if they get it all from the dark web.’
Mr Moore told MailOnline that the biggest concern is that this data could be used by cybercriminals to enable targeted attacks.
Of particular concern are the 24,000 email addresses in the dataset that are linked to Facebook pages.
Mr Moore explains that criminals can link these to passwords previously leaked on the dark web and use targeted bots to hijack accounts.
He said: ‘Criminals these days are looking for the opportunity to take over an account, and they can do a lot with that.
‘Maybe they just take over a Facebook account to distribute ads, but sometimes they get a little more nefarious and start messaging people from those accounts.’
In the worst case, criminals can use your account to impersonate you and trick your friends and family into sending money.
The leaked phone numbers could also expose Facebook users to an attack called “SIM swapping.”
In these attacks, a criminal calls the mobile phone provider and pretends to be the customer, using information gathered from leaked data and public social media.
They then convince the provider to transfer the telephone number to a new SIM card.
To see if your accounts have been compromised in the past, you can use sites like Have I Been Pwned, which check leaked databases.
However, these services have not been updated with the details of this breach and therefore cannot notify you of any recent breaches.
Mr Moore recommends that you update your passwords regularly and avoid giving out too much information online that hackers could potentially use against you.
It is also wise to exercise extreme caution when dealing with unusual messages.
‘If you receive emails, always think before clicking a link and never reveal information about links that appear in emails and text messages,’ Moore added.
Additionally, he recommends setting up two-factor authentication for all your accounts and using a secure authenticator app if possible.
Facebook has been contacted for comment.