Facebook Marketplace users have been put at serious risk of phishing, identity theft, and cyberattacks as hundreds of thousands of accounts are leaked online.
A massive data breach has exposed the phone numbers, email addresses, and personal information of 200,000 users.
The dataset, which MailOnline has confirmed is still available, is now on sale to cybercriminals, who can use it to create targeted scams.
If you use Facebook Marketplace, experts say it’s not too late to protect your personal data.
Jake Moore, global cybersecurity advisor for ESET, told MailOnline: ‘If you feel that you have been targeted then I would consider changing your password.’
The data was posted to a hacking forum by a well-known cybercriminal operating under the alias IntelBroker.
In their post, IntelBroker claimed: ‘In October 2023, a cyber criminal by the name of “algoatson” on Discord, breached a contractor that manages cloud services for Facebook and stole its partial user database of 200,000 entries.’
The leaked data contained a huge variety of personal information including names, phone numbers, email addresses, Facebook IDs, and Facebook profile information.
The data has been verified as legitimate by BleepingComputer, which was able to match the email addresses and phone numbers within the sample data.
IntelBroker is an extremely successful and professional hacker or hacker group with a history of targeted breaches against high-profile targets.
Mr Moore said: ‘The infamous IntelBroker has a history of successfully breaking into networks.
‘They have compromised health data before so they have no morals or ethics but have also targeted HP so they are looking for big money as a result.’
Mr Moore explains that this data would have been sold on the dark web for months at around $1 per line of data.
Mr Moore said: ‘This is a stark reminder that our data is a valuable currency, and the most up-to-date data is the most valuable to criminals.
‘Criminals can do a lot of damage with all the pieces [of information] when they put it all together from the dark web.’
Mr Moore told MailOnline that the biggest concern is that this data can be used by cybercriminals to facilitate targeted attacks.
Particularly concerning are the 24,000 email addresses in the dataset that have been linked with Facebook pages.
Mr Moore explains that criminals can connect these with passwords that have previously been leaked onto the dark web and use targeted bots to hijack accounts.
He said: ‘Criminals these days are looking for the ability to take over an account, and they can do a lot with that.
‘They might just take over a Facebook account to pump out ads but sometimes they might go a bit more nefarious and start messaging people from those accounts.’
In the worst-case scenario, criminals can use your account to impersonate you and trick your friends and family into sending money.
The leaked phone numbers can also expose Facebook users to an attack called ‘SIM swapping’.
In these attacks, a criminal calls up the mobile phone provider and impersonates a customer using details gleaned from leaked data and public social media.
They then convince the provider to transfer the phone number to a new SIM card.
To see if your accounts have been breached in the past, you can use sites like ‘Have I Been Pwned’, which check leaked databases.
However, these services will not have been updated with the data from this breach, so they will be unable to inform you of any recent leaks.
Mr Moore recommends that you regularly update your passwords and avoid giving out too much information online that hackers might be able to use against you.
It’s also wise to be extremely cautious when dealing with any unusual messages.
‘If you are sent emails, always consider thinking twice before clicking on a link, and never divulge information on links that appear in emails and text messages,’ Mr Moore added.
Additionally, he recommends setting up two-factor authentication for all your accounts and using a secure authenticator app if possible.
Facebook has been contacted for comment.