It might just be a big coincidence, but on the same day that the Facebook had its biggest downfall a long time ago, the news emerged that the data of more than half of its users were put up for sale on a hacker forum of the Dark web.

The information was collected by the security website Privacy Affairs, which confirmed that the data, which was announced in September, is still on sale today. According to the investigated, sellers on the forum accept partial sales. A potential buyer was offered to register 1 million users for $5.


According to the sellers, they have a database of 1,5 billion (out of 2,9 billion) of Facebook users. They still say they have an old business, with 18 thousand customers already served.

Several examples of the data have been submitted by sellers and confirmed as true by Privacy Affairs. The records contain the following information:

  • Your name
  • E-mail
  • Address
  • Genre
  • Phone number
  • User ID

It's not entirely certain that the sale is actually happening. Privacy Affairs further claims that one of the users complained about having paid and not received anything, and that the sellers did not defend themselves.

Facebook has not been hacked to leak

Data were not obtained by hacks. These are records that are the result of scraping (“scraping”), a process in which bots collect information that has been carelessly left available. In this case, it is information that can be seen on the pages of anyone who maintains their profile as public (or could be of all Facebook users).

While Facebook's data isn't the product of a hacker invasion, it's still extremely useful to malicious figures: spammers, scammers and cyberbullies.

Spammers have with it a huge, localized list of emails they know to be active. A personalized spam email with name, address and treatment by gender is much more efficient.

Bullies may, in possession of their telephone numbers and addresses, take mass actions against individuals, including physical threats.

And, perhaps what has the greatest potential to cause problems, scammers use public personal information to social engineering attacks. They pretend to be a person with knowledge about the victim, who doesn't realize how easy it is to obtain that knowledge, as he has left himself open to the public.

An example is when a criminal looks at someone's list of relatives on Facebook and fakes a lightning kidnapping, using real names and other details left in public by the victim. The other is pretending to be a bank employee or service providers, obtaining passwords, photos of documents and even money transfers from victims.

The tip is always: don't make your Facebook profile public.

ATUALIZAÇÃO 05/10/2021 18:35

Facebook's communication team got in touch to give the company's side. Spokesman Jason Grosse says: "We are investigating the allegations and have submitted a removal request to the forum in which the alleged data is being announced."

Read more:

You’ve already watched our videos on YouTube? Subscribe to our channel!