data breach
Facebook Marketplace is a feature within Facebook, a social media platform operated by Meta Platforms, Inc. Launched in 2016, Facebook Marketplace allows users to buy, sell, and trade items within their local communities. With millions of users worldwide, Facebook Marketplace has become a prominent platform for peer-to-peer commerce.
Breach Details
- Date of Breach Announcement: February 11, 2024
- Data Compromised: 200,000 Facebook Marketplace records, including:
- Email addresses (77,000 unique emails)
- Geographic locations
- Names
- Phone numbers
- Facebook profile IDs
- Social media profiles
- bcrypt password hashes (note: there is no confirmation these belong to the corresponding Facebook accounts)
Source of the Breach: The data allegedly originated from a Meta contractor in October 2023 and was later posted on a popular hacking forum. The leak was shared by a hacker known as "alogatson" and posted on BreachForums by the user "IntelBroker," a known moderator on the platform.
Threat Actor Profile
- Alias: IntelBroker
- Forum Presence: IntelBroker
- Activity: IntelBroker is a well-known figure on BreachForums, often involved in the distribution of leaked databases and sensitive information. The breach was also cleaned and re-shared by another forum user, "ygrek."
Impact Analysis
- Affected Users: Approximately 200,000 users on Facebook Marketplace
- Risk Exposure:
- Personal Information: The exposure of names, emails, and phone numbers could lead to phishing attacks, identity theft, or unauthorized access to other accounts linked to the email addresses.
- Location Data: With geographic locations included, affected individuals may be vulnerable to physical security risks.
- Password Security: Although bcrypt password hashes were leaked, there's no confirmation these hashes belong to corresponding Facebook accounts. However, users who reuse passwords across multiple sites are at risk if their passwords are cracked.