Report says more than 1.5 billion Facebook users’ data sold on the dark web, but it’s not related to Facebook outage

Facebook and its related platforms Instagram and WhatsApp are now selling the data of its more than 1.5 billion users on the dark web amid a worldwide disruption, causing great panic as the company's shares plummeted nearly 5 percent and its $10 billion market value evaporated instantly.

Screenshots found on Twitter show posts allegedly selling the personal data of 1.5 billion Facebook users on the dark web, accessible only through a special browser known as Tor.

In late September 2021, users on a well-known hacking forum posted an announcement claiming to have the personal data of more than 1.5 billion Facebook users, according to a report by PrivacyAffairs, a security firm focused on privacy research. The data is currently for sale on the hacker forum platform, and interested buyers have the opportunity to purchase all or part of the data.

According to the forum posters, the data offered contains personal information about the following Facebook users: name, gender, location, email address, phone number, and user identity.

One potential buyer allegedly offered $5,000 per 1 million Facebook accounts, which would make the entire Facebook user data set worth more than $7.5 million.

In a subsequent post, the seller claimed to represent a large company working to obtain data from Facebook. The seller adds that the company is a legitimate "crawling company" that has been operating for at least four years and has more than 18,000 customers.

The samples provided in the post suggest that the data does appear to be genuine, and PrivacyAffairs cross-checked them with known Facebook database leaks and found no matches, meaning that the sample data it provided was unique and not a resale of previously leaked data.
Web crawler

According to the post, the seller claims to have obtained the data by web crawling rather than hacking Facebook or compromising individual users' accounts. Web crawling is a process that uses bots to extract publicly available content and data from websites and combine the crawled content into new lists and databases.

However, the seller's use of hacked forums to attract customers did not ease concerns, even if the company claimed that the 1.5 billion Facebook users whose data was compromised would not be affected by it.

While technically no accounts were compromised; the impact of the data ending up in the hands of unscrupulous Internet marketers, as well as cybercriminals, could be enormous.

Web crawling

According to the post, the seller claims to have obtained the data by web crawling rather than hacking Facebook or compromising individual users' accounts. Web crawling is a process that uses bots to extract publicly available content and data from websites and combine the crawled content into new listings and databases.

However, the seller's use of hacked forums to attract customers did not ease concerns, even if the company claimed that the 1.5 billion Facebook users whose data was compromised would not be affected by it.

While technically no accounts were compromised; the impact of the data ending up in the hands of unscrupulous Internet marketers as well as cybercriminals could be enormous.

Downtime

Yesterday,Facebook platforms including WhatsApp and Instagram were suddenly inaccessible. Facebook said it was “aware that some people are having problems accessing the Facebook app” and is working to restore access.

However, the downtime lasted for nearly six hours, which is hard to understand when such an operation and maintenance incident occurs at Facebook, a major international Internet company. After resolving the problem, Facebook also issued an explanation announcement: a configuration change on the backbone router that coordinates network traffic between data centers caused the communication outage.

Cloudflare also posted a blog flirtation and analyzed the cause of the accident as a BGP configuration error that led to a DNS resolution failure.

On October 4 at around 16:50 UTC, 1.1.1.1 public DNS server provider Cloudflare noticed that Facebook, WhatsApp and Instagram domains suddenly stopped resolving and all IPs of the social giant were unreachable, as if Facebook's data center was disconnected from the Internet at the same time. Facebook broadcasts its presence to other networks via BGP, and at 16:40 UTC, Facebook sends out a series of routing changes, problems follow, it stops broadcasting its DNS prefix routes, DNS servers go offline, Facebook-related domains stop resolving subsequently affecting other DNS servers, and Facebook de facto disappears from the Internet. Around 21:00UTC, Facebook re-broadcast its routing information and by 21:20UTC its service was back to normal.

Why did the problem last for such a long time? According to unconfirmed sources on social networks: there was a coordination problem between the engineers who had physical access to the system after the routing problem and those who had access to log in to the system and those who knew how to fix the problem.

Affected by the downtime, Facebook shares once fell to 5.9% and closed down 4.9%, hitting a four-month low since June 3, and its market value evaporated $64.3 billion overnight.