

Researchers discover 100,000 Facebook accounts hacked


Cyber criminals left a database open, exposing a global attack in which hacked Facebook accounts were used to deceive others, security researchers have revealed.

Researchers uncovered a massive global scam targeting Facebook users after finding an unsecured database used by fraudsters to store usernames and passwords for at least 100,000 victims.

The researchers said that the cyber criminals behind the fraud were tricking Facebook victims into providing the login credentials for their accounts using a tool that pretended to reveal who was visiting their profiles.

"Fraudsters then used stolen login credentials to share unwanted comments on Facebook posts through hacked victims' accounts, with the aim of directing people to their network of fraud sites," researchers at information security firm VPNMentor said Friday. "All of these sites eventually led to a fake Bitcoin trading platform used to trick people into getting deposits of at least 250 euros."

The researchers said they had no evidence that any other malicious parties had accessed or leaked the data.

The unsecured Elasticsearch database held about 5.5GB of data, comprising 13,521,774 records on at least 100,000 Facebook users. The database was open between June and September this year; it was discovered on 21 September and closed on 22 September.

The data in the exposed database included credentials, IP addresses, and text templates for comments that fraudsters might post on Facebook pages through hacked accounts to direct people to suspicious and fraudulent websites. It also included personally identifiable information (PII), such as emails, names, and phone numbers, of victims who had been defrauded in the Bitcoin scam.

The researchers said that, to make sure the database was active and genuine, they entered fake credentials to log on to one of the fraudulent web pages and verified that those credentials were recorded.