The leak is old: it happened in 2019 and the breach was closed at the time by Facebook. But the data that cybercriminals obtained at the time was dumped yesterday, April 3, in a web forum frequented by cybercriminals. There are records of approximately 533 million users from 106 countries, containing from phone to Facebook ID, full name, place and date of birth, biography and – in some cases – e-mail address. Within the total there are records of 8,064,916 users from Brazil.
Brazilian users are distributed in two text files, compressed in a 121MB archive.
The data was obtained little by little through the Facebook breach and started to be sold in June 2020. The cybercriminal was charging approximately two Euros (eight credits from the cybercrime forum) for each country’s compressed archive. In January of this year he even created a bot on Telegram to serve his customers but it is likely that the sales were not successful, since yesterday he poured 100% of the data for free.
Since the leaked data contains personal information such as phone numbers and e-mail, it can be used by criminals for the purposes of impersonating and scamming. People who have a Facebook account can check whether or not the email associated with the account has been leaked on the “Have I Been Pwned” website.
Data scientist Zlatan Ivanov, who lives in Germany, built with the leaked data a dashboard in Google Data Studio that allows visualization of the leak’s share by more than (compared to the country’s total on Facebook. The dashboard is at the address below
https://datastudio.google.com/u/0/reporting/afa08373-621e-4e45-990e-bd631fd3b27a/page/Cn9AC
With international agencies
Source: CisoAdvisor
