An Internet user claims to have in his possession a file containing the personal information of 1.5 billion Facebook accounts. However, the size of this database is a source of doubt.
On October 4, 2021, while Facebook was undergoing one of the biggest failures in its history, several media were concerned about an alleged “hack” targeting the social network. The personal information of 1.5 billion Facebook accounts has been put up for sale on the net, alerted the site PrivacyAffairs.
These data would have been obtained through the scraping of Facebook pages. They would constitute “lhas the largest amount of Facebook data ever released », According to the English-speaking media. However, several elements cast doubt on the veracity of this story.
A file on sale for a long time
While PrivacyAffairs was moved by the release of such a database on October 4, 2021, the file is believed to have been on sale on the web for much longer.
Going back through the pages of the forum from which the case started, we can see that the very first message concerning the sale of such a file dates from September 22, 2021. It would therefore be almost two weeks for a a file containing personal information on more than half of the world’s Facebook accounts is said to be freely available on the internet. Without it provoking a reaction anywhere.
By digging a little further, we can find even older traces of this file. Marc Ruef, a cybersecurity specialist, explained on September 7 that he had come across a similar offer on the darkweb.
As scraping Facebook data becomes harder some long-time actors are willing to sell their huge bulks on the darknet. The latest announcement contains 1.5 Billion entries and exceeds very much what we have seen so far. #Facebook #api #leak #breach #darknet pic.twitter.com/ZhCQ7menhf
– Marc Ruef (@mruef) September 7, 2021
Stolen database trading is not a practice that many people brag about. However, that such an offer has been around the web for a month without worrying anyone seems surprising.
Numerous accusations of scam
To make matters worse, on the forum where the file is sold, many regulars are crying out for the scam. A member explains that he transferred the money to the seller on September 9, 2021, but has never received anything since. On another forum, we find similar testimony from another Internet user. The latter explains that he was ripped off to the tune of 1000 €, by the company behind it all. After payment, the seller simply stopped responding to these messages. ” I don’t believe they ever intended to provide the email list », Writes the annoyed buyer.
” I don’t believe they ever intended to provide the email list “
As scams are plentiful in the field, many forums assign “trust” scores to members who share such files. In this case, the seller seems to have a very bad reputation. Several people accuse him of scam, directly on his profile. At the same time, accounts with a lot of weight denounce ” an unreliable offer at all“.
A gargantuan file
Finally, the size of the file itself casts doubt on its authenticity. Even with efficient scraping tools and the resources of a company, it is not easy to build a database of this size. Especially since, according to the ad found on the darkweb, the tool has stopped working since the beginning of September.
Collecting emails from half of the world’s Facebook accounts would already be quite a feat. It seems almost unrealistic to be able to obtain location records and telephone numbers as well.
It is possible that this database, if it really exists, is made up of information from other hacks. This would considerably reduce its value since part of the information would already be available elsewhere on the net. Probably for much less elsewhere.
To put it simply, this file seems too big to be true. This case reminds us, however, that we must be careful when posting personal information on the internet.