Over 100,000 Facebook account credentials were compromised in a global scam


By CAPosts 18 November, 2020 - 11:07am

An improperly configured Elasticsearch database operated by cybercriminals left exposed the usernames and passwords of more than 100,000 Facebook users, according to research unveiled by the cybersecurity company ESET.

This exposure made it possible to discover a deception campaign aimed at users of the social network. The campaign gained entry to their accounts through a tool that supposedly revealed to victims who had viewed their profile, and its ultimate goal was to steal their credentials.

Although it is not known exactly how victims reach these fake sites that promise to reveal who visited their Facebook profile, 29 domains were found that are part of a network of sites used for this purpose. These sites displayed, for example, messages such as “Your profile received 32 visits in the last two days. Continue to see the list”. Then, if the victim clicked on a button that says "open the list", they would be directed to a fake Facebook login page and asked to enter their access credentials to the platform.

Once entered, the credentials are stored in the database controlled by the attackers, and the next phase of the malicious campaign begins: comments posted on victims' accounts that contain links to sites that are part of a fraudulent scheme operated by the cybercriminals.

These sites directed victims to different types of pages, some disreputable and some legitimate. Mixing the sites was a strategy to evade detection mechanisms and avoid being blocked, but according to the researchers, the main objective was to direct victims to sites where users were invited to register for a free Bitcoin trading account and deposit 250 euros to start. If the deposit was made, the money would end up in the hands of the cybercriminals.

Among the data stored in this Elasticsearch instance, the following were identified:

1. Usernames and passwords of between 150,000 and 200,000 Facebook accounts, in addition to IP addresses.

2. Personally identifiable information (PII) of victims, such as email addresses, names, or phone numbers.

3. Texts used by scammers when posting comments on compromised accounts to direct victims to malicious sites.

What to do to guard against this type of deception

If you suspect that you have been a victim of this or another type of deception, it is essential to change your Facebook password as well as the password on all other sites where you use the same one. It is also important to activate a second factor of authentication, says the security company. You should also remember never to enter confidential data or access credentials if you are not sure you are on the official site.

“We take the opportunity to recommend that users not use the same password in more than one service. To avoid the headaches of having to remember each of the passwords used in each account or service, we recommend using a password manager,” says Camilo Gutiérrez Amaya, Head of the Research Laboratory at ESET Latin America.

It is also important to keep all operating systems updated, to have reliable security solutions, and to stay informed about the deceptions being carried out in order to know how to protect yourself.
