Stolen social networking accounts are a hot commodity on dark web marketplaces. The average Facebook account sells for about $74.50, which makes the social network a prime target for phishing scams and cybercriminals.
Phishing campaigns make it simple to steal large numbers of login credentials at once. All scammers need to do is create a fake login page and trick victims into signing in.
If cybercriminals are not careful with their stolen information, they can easily blow their whole operation. A group of cybercriminals discovered this the hard way after hosting hundreds of thousands of Facebook logins on an unprotected database. Cybersecurity isn’t just for the good guys, after all.
A botched phishing operation leads Facebook to a ring of cybercriminals
Security researchers with vpnMentor discovered an unsecured database containing hundreds of thousands of stolen Facebook logins. The credentials were stolen as part of a widespread phishing operation targeting Facebook users with fake landing pages.
The researchers, who shared their findings with CNET, said the scammers used websites that offered fraudulent services to Facebook users, like reports on who recently visited a user’s page.
The sheer number of users in the database is shocking enough, but the scammers made a fatal mistake during their data heist: they forgot to set a password for their treasure trove of stolen data.
Anyone with an internet browser could easily get into the stolen database, which included millions of user records. vpnMentor researchers believe the accounts were used to trick even more victims into joining a cryptocurrency scam.
The database’s botched security gave researchers everything they needed to report their findings to Facebook. The database is no longer online, and Facebook pushed password resets for affected users.
Am I affected? What if I am?
If your data was included in the database, Facebook may have already reached out to you with a password reset request. If Facebook forces a password reset, you won’t be able to log in again until you create a new password.
Even if you weren’t a victim, it’s always a good idea to reset your password. Any phishing efforts or brute-force attempts won’t be able to keep up with your accounts if you do.
For extra security, we’d also suggest activating two-factor authentication for your Facebook account. Once 2FA is enabled, you’ll automatically know when someone attempts to log in without your consent.
With a stronger password and two-factor authentication turned on, you are already smarter than the cybercriminals running this failed phishing campaign. If only the rest of the cybercriminals out there were this careless. Then they might not be such a danger anymore.