Exclusive: Hacker selling 500 million Facebook user data from 82 countries

The entire database is being sold for $30,000 on a hacker forum.

Article updated with additional information.

Last month a hacker was selling 267 million Facebook user data on a dark web marketplace. Now, a hacker or call them a threat actor is claiming to have access to a database with 500 million Facebook user data from 82 countries.

What’s worse is that the data is currently being sold on an infamous hacking forum, Hackread.com has learned.

See: Personal data of 12 million Facebook users exposed online

As seen on the forum, the hacker has been offering the treasure trove of data since May 15th, 2020 and includes personal information such as,

Names
Gender    
location
City name
Surnames
Actual job
Marital status
Mobile number
Email addresses
Facebook profile links

Furthermore, the hacker has divided the price of the data into three parts, for instance, $1500 per million, $450 per 100,000, and $30,000 for 500 million for the entire database. The listing also states that the information in the database was stolen between November 2019 to May 2020.

As for the users’ location and the number of data being offered, here is the full list:

Afghanistan 500,000 
Albania 500,000
Algeria 11,800,000
Argentina 2,300,000
Austria 1,200,000
Australia 7,300,000
Bahrain 1,600,000
Bangladesh 3,800,000
Belgium 3,100,000
Bolivia 2,900,000
Brazil 8,000,000
Brunei 200,000
Bulgaria 250,000
Cameroon 1,900,000
Canada 3,400,000
Chile 6,800,000
China 670,000
Colombia 17,900,000
Costa Rica 1,400,000
Croatia 650,000
Cyprus 100,000
Czech Republic 1,300,000
Denmark 630,000
Ecuador 310,000
Egypt 44,800,000
Finland 1,300,000
France 19,800,000
Germany 6,000,000
Ghana 1,000,000
Greece 610,000
Guatemala 1,600,000
Hong Kong 2,900,000
Hungary 370,000
India 6,100,000
Indonesia 130,000
Iran 300,000
Iraq 17,000,000
Italy 35,600,000
Jamaica 380,000
Japan 420,000
Jordan 3,100,000
Kazakistan 3,200,000
Kuwait 4,460,000
Lebanon 1,800,000
Libya 4,400,000
Lithuania 200,000
Luxemburg 180,000
Macao 410,000
Mauritius 840,000
Mexico 13,300,000
Morocco 18,900,000
Namibia 400,000
Netherland 5,400,000
Nigeria 11,630,000
Norway 470,000
Oman 5,000,000
Palestine 3,300,000
Panama 1,500,000
Peru 8,000,000
Philipinnes 890,000
Poland 3,200,000
Portugal 2,200,000
Puerto Rico 130,000
Qatar 2,500,000
Russia 9,900,000
Saudi Arabia 28,800,000
Serbia 162,000
Singapore 3,000,000
Slovenia 220,000
South Africa 14,300,000
Spain 10,800,000
Sudan 9,400,000
Sweden 1,000,000
Switzereland 1,500,000
Syria 6,900,000
Taiwan 730,000
Tunisia 6,200,000
Turkey 19,500,000
United Arab Emirates 6,900,000
United Kingdom 11,500,000
Uruguay 1,500,000
Yemen 7,200,000

So far it is unclear if the database has got any seller at all. However, it is worth noting that Hackread.com strictly stands against selling or buying user data. 

See: 70% of the entire US population is now on Facebook

The sample data seen by Hackread.com suggests that the database has been stolen from a misconfigured database or bought from a third-party marketing firm.

Remember, third-party firms can use data scrapping, a fairly common practice to extract the personal information of users from websites like Facebook or Twitter.

Facebook in particular allows users to access third-party websites by using their existing Facebook login information. This information can be accessed by cybercriminals in case proper security measures are not implemented. For instance, malicious elements can use ‘scraper bots’ to extract private information anonymously.

Nevertheless, the victims of the breach are yet again unsuspecting Facebook users who are now open to phishing scams, smishing attacks (SMS phishing), and identity theft using publically available photos on their profiles, etc.

See: Stolen: Unencrypted hard drives with data of 29,000 Facebook employees

If you are on Facebook, make sure to limit the information you share with the public. Also, keep your personal photos only accessible to those in your friend lists rather than public. Or you can simply learn how to permanently delete your Facebook account.

Update: 

Hackread.com has learned that the seller has been scamming buyers over Facebook data and has been banned from the hacker forum. However, Hackread.com still confirms that the sample data shared by the seller/scammer contained legitimate information.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.