Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
This morning, the British Broadcasting Corporation (BBC) published an article detailing how online actors had obtained and advertised at least 81,000 Facebook user accounts for sale. Digital Shadows assisted the BBC with its investigation, which included verifying the dataset in question. With so much confusion around the origins of these accounts and the potential impact on Facebook users, here are five things to know that will help you cut through the noise:
Figure 1: FBSaler post published on BlackHat SEO forum
Digital Shadows cannot confirm whether the seller genuinely has access to the 120 million accounts that they claim. We have only been able to analyse the 250,000+ profiles provided to us as part of this investigation. While unconfirmed, it would be unlikely that the compromise of such a large number of accounts (over 5% of Facebook’s entire active userbase) would go unnoticed by Facebook.
The title of the data repository we analyzed claimed it was a Cambridge Analytica archive. With no evidence to corroborate these claims, it seems the seller was merely attempting to make the dataset more attractive by using the Cambridge Analytica name.
In September 2018 Facebook announced that at least 50 million user accounts might have been at risk after a bug allowed attackers to obtain access tokens. Facebook stated it had reset access tokens of all users affected. It also claimed its investigations had not indicated that the tokens were used to access private messages or posts related to these accounts. At this moment, there is nothing to suggest the 257,256 profiles we observed are associated with the aforementioned bug.
Political motives seem at odds with how this data is publicly available unless the data was stolen or subsequently passed on from those who originally collected it. Regardless of attribution, motives and the method of collection, the exposure of private messages where people share information they would not usually post publicly on their Facebook feeds is a potentially worrying development. Sensitive information may be used for extortion of identity fraud, while it’s not unheard of for individuals to share financial information such as banking details over private messages.
That said, this discovery should not be a cause for paranoia or unnecessary hysteria. It’s important to remember that simple security precautions still apply. Not reusing passwords across sensitive accounts (personal and business emails, social media sites, and online banking) and making sure these aren’t easy to guess are still effective ways of mitigating account takeovers. Facebook also enables two-factor authentication, which is another measure you’d be remiss to ignore.
We’ve also recorded a ShadowTalk podcast episode on this topic. Listen here:
To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.