Please fill in the form below to subscribe to our blog

Categories

Tags

Australia BullPhishID BullPhish ID Canada commercial credential stuffing cyberattack cybercrime cybersecurity Dark Web dark web credential loss Dark Web ID dark web monitoring dark web threat Data Breach Data Breach Alerts data compromised data loss prevention data theft France hacking healthcare insider threats Japan MSPs MSP Solutions MSP Space nation-state hackers Passly passwords phishing phishing resistance phishing resistance training ransomware remote working retail security security awareness training SMB cybersecurity stolen credentials supply chain risk The Week in Breach third party risk United Kingdom United States

Update: Facebook Breach Information is Now For Sale on the Dark Web

September 28, 2018

Update, October 4, 2018: Our cybersecurity division has confirmed that the individual account information associated with the Facebook breach is now being sold on popular Dark Web markets for $3 to $12. In comparison, a database of 2 million users is typically sold on the Dark Web for about $30. This means the infamous hackers could see an unusual payday of $150 to $600 million. 

While numerous popular vendors and hacker alias’ have obtained this information, the exact nature of how and who compromised Facebook is still unknown. Now that the information has surfaced, the affected individuals should watch for identity theft and black mail for an indefinite amount of time.

Read the latest Week in Breach to learn more about this cyber-attack and a quantitative analysis of the risk to individuals and associated businesses.  

What you need to know now, and what you should share with your customers today.

Earlier this morning, Facebook announced that 50+ million user accounts were affected by a security breach. The attacker exploited two bugs in the website’s ‘view as‘ feature, which shows the user how their page is displayed to others. According to the Dark Web chat rooms monitored by ID Agent: DOBs, education, hometown locations, and more, were gathered from these pages. Facebook has announced that they believe financial information was not accessed and they have since made the necessary patches.  

Ninety million users of the social media platform were logged out on Friday September 28, 2018. They received a notification: “Your privacy and security are important to us,” the update reads. “We want to let you know about recent action we’ve taken to secure your account…”

At this time, no Dark Web hackers or whistleblowers are associating themselves with the breach, and there hasn’t been any mentions of leaked data in chatrooms/forums. Public Dark Web forums are mute as well. ID Agent is continuously monitoring the situation, as the hacker group is most likely compiling this information to be immediately sold on the Dark Web, which could then be redistributed on numerous private and public data dumps websites.

In the meantime, all Facebook users should change their passwords immediately, do a device audit, and turn on two factor authentication.

MSPs do you suspect that your customer has been apart of this breach? We can help. Enroll in SpotLight ID™ today.