Web Scrapers Claim to Possess and Sell Personal Data on 1.5 Billion Facebook Users on a Hacker Forum

Miklos Zoltan

By Miklos Zoltan . 21 November 2021

Founder - Privacy Affairs

54 Comments

The private and personal information of over 1.5 billion Facebook users is allegedly being sold on a popular hacking-related forum, potentially enabling cybercriminals and unscrupulous advertisers to target Internet users globally.

If authentic, this may constitute one of the biggest and most significant Facebook data dump to date.

Update – 6 October: The thread advertising the claimed data scrape has disappeared from the hacker forum.

The forum poster and alleged seller however was not banned (usually what happens when scam allegations turn out to be true).

It is possible the thread was taken down due to a request by Facebook:

Joe Osborne, a Facebook spokesman, commented to Newsweek, “We’re investigating this claim and have sent a takedown request to the forum that’s advertising the alleged data.”

Update – 5 October: The forum seller has today responded and denied the scam accusations, continuing to claim that the data is real. The seller commented they are willing to cooperate with administrators of the forum to prove the authenticity of the data.

Yesterday, a number of forum posters accused the seller of not delivering the promised data after payment was made.

Important Clarification: This is completely unrelated to the global Facebook outage experienced on 4 October 2021.

Several websites and Twitter accounts incorrectly attribute the 4 October Facebook outage to this alleged data leak.

Further Clarification: It’s alleged that the data was obtained by scraping publicly available data shared by users. Several media outlets and Twitter users misinterpret this to have resulted due to a hack or data breach, which is not the case.

It is seemingly unrelated to an earlier 2021 Facebook data dump, where 500 million users were affected.

Highlights:

  • Data scrapers are selling sensitive personal data on 1.5 billion Facebook users.
  • Data contains users’: name, email, phone number, location, gender, and user ID.
  • Data appears to be authentic.
  • Personal data obtained through web scraping.
  • Data can be utilized for phishing and account takeover attacks.
  • Sold data claimed to be new from 2021.
  • Some prospective buyers claim they were scammed by the seller and no data was delivered after payment was made
  • Seller responds to scam accusations. Claims is willing to cooperate with forum administrators to prove the authenticity of the data

In late September 2021, a user of a known hacker forum posted an announcement claiming to possess the personal data of more than 1.5 billion Facebook users. The data is currently up for sale on the respective forum platform, with potential buyers having the opportunity to purchase all the data at once or in smaller quantities.

One prospective buyer claims to have been quoted $5,000 for the data of 1 million Facebook user accounts.

According to the forum poster, the data provided contains the following personal information of Facebook users:

  • Name
  • Email
  • Location
  • Gender
  • Phone number
  • User ID

Update, 5 October: The forum seller denies the scam accusations and claims is willing to cooperate with forum administrators to prove the authenticity of the sold data.

Facebook Data Leak

Update, late 4 October: After this news was initially published, a forum user and prospective buyer claimed they paid the seller but haven’t received anything in return. The seller hasn’t yet responded to these accusations.

All we know at this moment is that the multiple samples provided to forum users appeared to be real.

Personal Data Facebook Drak Web

Samples presented on the forum show that the data indeed seems to be authentic.

Cross-checking them with known Facebook database leaks resulted in no matches, implying that at first glance, the sample data provided is unique and not a duplicate or re-sell of a previously known data breach or scraping.

The seller claims to represent a group of web scrapers in operation for at least four years, alleging that they’ve had over 18,000 clients during this time.

Sold Facebook Personal Data

Data Obtained by Scraping

The traders claim to have obtained the data by scraping rather than hacking or compromising individual users’ accounts. Scraping is a process of web data extraction or harvesting where publicly available data is accessed and organized into lists and databases.

Additional Privacy Affairs guides:

Roobet VPN – How to use Roobet with a VPN
New Jersey VPN – Change your IP address to that of New Jersey
New York VPN – Change your IP address to that of New York
Best VPN for Mac – Picking a VPN for Mac
Disney Plus VPN – Unblocking Disney Plus with a VPN
Best VPN for Android – How to pick a VPN for Android
Best VPNs – How to choose a VPN

While technically, no accounts have been compromised, this is little solace to those whose data may now end up in the hands of unscrupulous internet marketers and likely also in the hands of cybercriminals.

Unethical marketers may utilize this data to bombard specific individuals or groups of individuals with unsolicited advertising.

The fact that phone numbers, real-life location, and users’ full names are included in the data is especially concerning. In addition, SMS and Push notification spam are becoming increasingly more prevalent even though most countries made these practices illegal many years ago.

Facebook Data Leak

Data Can be Used to Jeopardize Users’ Security

For example, hackers can use the scraped data to conduct sophisticated phishing attacks or social engineering attacks.

Identifying individual users’ phone numbers makes it possible for cybercriminals to send fake SMS messages to affected users pretending to be various entities such as Facebook itself or even banks.

Users will then be invited to click on a link to either claim a prize, update their security settings, change their passwords, or do something similar.

After accessing the link, they will be redirected to a cloned version of the website the perpetrators pretend to represent. Then, if the user enters their actual current password, the cybercriminals will be able to hijack the affected account.

This is how Facebook accounts and even online banking logins are sold on the dark web for as cheap as just $10.

How is Facebook Data Scraped?

Scraping is the process of automatically collecting publicly available and accessible data online with the help of computer programs.

The majority of such data is obtained from simply scrapping Facebook profiles that have been set to “Public” by their owners. Unfortunately, the vast majority of personal information is freely shared and made available to the general public by Facebook users themselves.

Another popular – but illegal – method of data scraping is through fake Facebook surveys or quizzes.

Every Facebook user has seen a post such as “Find out your Game of Thrones Lookalike with this Survey” or “Take this Quiz to Find out When you Will Get Married,” etc. Usually, these are schemes to obtain users’ personal data.

Every time someone enters one of these surveys or quizzes, they permit the creators of these games to view their personal Facebook information such as full name, email, phone number, location, gender, and more.

Facebook Users are Advised to Enhance their Security

It’s generally not recommended for Facebook users to set their accounts to be fully public.

Similarly, one should never enter random quizzes, surveys, or games on Facebook unless offered by a known and verified publisher. Almost always, these are, sadly, schemes used for data mining and scrapping.

Facebook Data Scraping

54 Comments

  • ▶️ Leaked Documents Expose Facebook

    January 23, 2022 9:48 pm

  • Lashonda Whitt

    November 2, 2021 9:50 am

    I am a victim of being hacked on Facebook & Instagram, sad to say, Facebook really doesn’t GAF about us… We create an account that gave us our 1ST amendment rights now they have taken all of that away. Millions of users are hacked and once you informed them they don’t reply and/or locked your page up. They never go through the security prompt that many online companies has, instead they claim they don’t have anyone to investigate BUT let you post or comment something that goes against their community standards they’ll restricted your account quickly even if you’re not being reported. Facebook has became a joke & def no longer interested. We use these public forums to stay in contact with long distance familiea and friends but I’m done with it…. They can vanish quickly just like MYSPACE did

  • Taki

    October 27, 2021 4:11 am

    Not happy about what this corrupt government is doing

    • soups

      November 29, 2021 1:30 am

      It’s private power that’s doing this.

  • Yathish Reddy

    October 22, 2021 1:54 pm

    My account has hacked so I want it back
    And they are not giving my account back so

  • Yathish Reddy

    October 22, 2021 1:53 pm

    My account has hacked so I want it back

  • Anonymous

    October 6, 2021 3:50 pm

    Facebook? What’s that? Some dating app for 60 year olds?

  • Jabber

    October 5, 2021 9:57 am

    Don’t see why or how you should be held to account for informing publics around the world of hacks or scrapes. Facebook should have a responsibility to informing their ‘users’ ‘customers’ those who are being used of breeches and security issues – earlier in year when they got the 500million hack they merely said in official response to journalists “no comment” of course along with how Suckberg originally described the used using his FB should tell people enough…

  • Martin

    October 5, 2021 6:07 am

    Such articles does spread very fast especially while the service is off 🙂 Many people tried to figure out what has happened with Facebook and have found the links, so me. A lucky shot for the webmaster ))

    • Miklos Zoltan

      October 5, 2021 6:18 am

      Wouldn’t call it lucky. Kept getting comments and emails non-stop, most completely misunderstanding and misrepresenting what all of this was about.

      I kept editing and re-editing the article for hours yesterday trying to make it clear it’s unrelated to the outage and avoid any confusion.

      People apparently don’t read past the headline. I ended up modifying that too – unsure if it made a difference though.

      Then started getting comments and messages alleging that clearly the site was ordered to change the story and was censored. 🙂 You just can’t win. People just want to believe.

      This story was also posted about 12 hours before the outage, we had no idea this would happen. Honestly expected this to be read by maximum 100 people.

      I’m still trying to wrap my head around how – and more importantly why – this blew up this big, especially considering it was made very clear multiple times this had nothing to do with the outage.

      Most unfortunate timing indeed and definitely not happy about it despite the views the site got.

      • Jesko Puga

        October 6, 2021 8:56 pm

        Thank you for taking your time to try to get people to understand. It is appreciated by some.

      • Angela

        November 1, 2021 6:28 pm

        I am one of those people! I have a HUGE newsworthy story that I have sent to CNN and Lessig the attorney of the whistleblower. I would like to contact you but don’t feel comfortable putting my email on this thread. How can we talk?!

      • Angela

        November 1, 2021 6:35 pm

        Ok. I am Angela. Just replied but was unsure about adding my email until I saw that it wasn’t published at the bottom. I was one of those hacked and I have a huge story that should be made public. I already contacted CNN and Lessig, the attorney of the whistleblower! That was just today so no response yet. I would love to share my story with you!

        • Miklos Zoltan

          November 1, 2021 7:13 pm

          Hi.You can send us a message to the email address shown on our contact page. Thanks.

  • garyt

    October 5, 2021 3:11 am

    Scraping public data from a wesite is not technically a hack

    • Miklos Zoltan

      October 5, 2021 6:37 am

      It is not. It’s stated very clearly in the article.
      Also it might turn out this may have just been a scam. Several forum users claim they paid and the seller didn’t deliver.

    • Crawler

      October 5, 2021 8:37 am

      If you have 1.5Billion users data it’s a hack, not scraping or crawling, spiders or whatever. You can try to make an account, do it and the user will be blocked in a few time. Your queries must be balanced with more than one user and time lapsed so to get the info of 1.5Billion ppl you will need a life without hacking.

  • Atsalyahu ben David

    October 4, 2021 11:28 pm

    Well, with your disclaimer or not. Chances are you are looking at a Censor, but you know that, hence the disclaimer. You cannot possibly expect two things clearly potentially related to be anticipated as a coincidence. The only coincidence is the timing, not the facts.

    • Miklos Zoltan

      October 5, 2021 6:38 am

      This was posted 12 hours before the Facebook outage.

      Also if you look at the forum screenshots you can see the seller made that post on 22 September.

      It’s very easy to verify that the two things are unrelated.

  • Mohamad

    October 4, 2021 8:36 pm

    Thake the old data ther is complet DNS so Return from the Update the WhatsApp
    Much luk for You

  • Mohammad

    October 4, 2021 8:28 pm

    They must only return the lostet Update from WhatsApp and take the old DNS i m think

  • DontKnow

    October 4, 2021 7:57 pm

    Its a scam read the thread lol

    • Miklos Zoltan

      October 4, 2021 7:58 pm

      Yes, that’s what a forum user claims.

      It’s mentioned in the article.

  • .

    October 4, 2021 7:55 pm

    Raid Forums isn’t on the darknet either. It’s definitely on clear net and easily googled. Darknet refers to the deep web marketplaces. Download TOR and try it yourself.

  • Anonymous

    October 4, 2021 7:39 pm

    SIGNAL is the way to use !

    • Nightsong

      October 4, 2021 9:44 pm

      My man speaks the truth. Signal is the superior messaging platform. Preach it brother

      • Anonymous

        October 4, 2021 10:57 pm

        Signal is crap .It is so inferior to others

        • Does it matter?

          October 6, 2021 12:07 pm

          Whatever your opinion is on Signal, at least you don’t have to worry about data leaks. It’s nice to be able to talk or video chat and not worry who is watching you. Signal is one of the safest sites out there. Problem is people are used to what they are used to. While many waited for FB or whatsapp to come back online I was doing what I do on Signal.

    • Nightsong

      October 4, 2021 9:46 pm

      Preach the truth !!

  • Matt

    October 4, 2021 7:15 pm

    Great Article man! Sorry it had to blow up during the time of the facebook outage and whistleblower stuff. It seems like people are seeing it as “Hackers” took down facebook and then leaked their database!

    I hope people are at least reading the article! Great stuff!

    • Miklos Zoltan

      October 4, 2021 7:16 pm

      Yeah I did not expect this. I didn’t even think anyone would see this post apart from a couple of people who follow us on Twitter.

      Really awkward timing. Obviously this is completely unrelated to the current outage and may even turn out to be a scam or fake.

      I added some clarification into the article.

      • Zsuzsanna

        October 4, 2021 7:32 pm

        Ugyes vagy gratulalok!

      • Tracy

        October 4, 2021 8:04 pm

        Phenomenal article. I especially appreciate your clarifications. The timing is incredibly interesting. *runs to check out conspiracy theories because, maybe, … aliens.

        • Miklos Zoltan

          October 4, 2021 8:06 pm

          Yeah super awkward timing.

          I actually saw that forum thread on Saturday and wrote the article but only posted this morning wanting to wait and see how that thread develops.

          Then later Facebook went down.

          It’s really completely unrelated though.

          That forum thread was opened on 22 September by that alleged seller (who might not even be real in the end).

  • please

    October 4, 2021 6:59 pm

    hello can you drop the link please i can check if its a legit or a scam i have on my disk the first leak

    • Miklos Zoltan

      October 4, 2021 7:00 pm

      It’s mentioned in a comment below.

      I’m not sure what to believe yet at this point.

      They claim it’s from scraping and not from a leak.

  • J

    October 4, 2021 6:55 pm

    Detalhe que os prints são de Setembro né

  • A

    October 4, 2021 6:52 pm

    Complete and utter bullshit. Went to the actual forum (Raid Forums), found the thread, and it’s just a scammer that scammed 2 people already. Stopped spreading hysteria to get more VPN sale commissions. Fucked up.

    • Miklos Zoltan

      October 4, 2021 6:55 pm

      Those forum comments didn’t exist when this post was made (yesterday).

      I’ve added an update to the article with the scam accusations.

  • 0xy4nn0xx

    October 4, 2021 6:49 pm

    do u have link of the forum i try to check if its a legit or a scam

  • Anon

    October 4, 2021 6:46 pm

    What was the forum they were using pictured in this article?

  • Kimmo

    October 4, 2021 6:41 pm

    Thank god Vicewrld website & tg is still working 👍

  • Kimmo

    October 4, 2021 6:39 pm

    Thank god @viceworld is still working..💎🙌

  • Simi

    October 4, 2021 6:39 pm

    Szia Zoltán. Köszi az infót.
    Mit tanácsolsz, miután vissza áll a rendszer?
    Gondolom érdemes jelszót változtatni, de ezen kívül bármi más?

    Van üzleti fiókom is a Facebookon és Instán is.

    Köszönöm válaszod.
    Simi

  • digital ghost

    October 4, 2021 6:28 pm

    hahah DNS for facebook.com still not pointing anywhere. I don’t think it’s a scam.

    • Miklos Zoltan

      October 4, 2021 6:34 pm

      It’s just a coincidence. 🙂

      This is unrelated to the currently ongoing Facebook outage.

      • morphine

        October 4, 2021 10:44 pm

        I got the WhiteHouse DNM complete users, admins some vendors. some take it way more seriously than others. I also have the current owner of Monopoly and the original creater.

        I’m on dread

  • P Griffin

    October 4, 2021 5:29 pm

    it looks like this was merely a scam, another forum user claims to have paid for it and never received the data

    • Miklos Zoltan

      October 4, 2021 5:33 pm

      Could be. But I’m interpreting that comment to refer to a different sale of that user, as the one accusing them of scamming said they paid on 9/9/21 but the thread was created on 22/9/21.

      The samples were legit though and the guy was able to send multiple packages on demand on different countries when asked.

      Also they really seem to be a real scarping operation in business for years, looking at their profiles on various sites and such.

      Going to check back and see how this develops.

      • D Webb

        October 4, 2021 6:48 pm

        I think he meant 29/9/21

        • Miklos Zoltan

          October 4, 2021 6:52 pm

          He then says he was expecting a refund in 7-14 days but didn’t get it yet, so I don’t think it’s 29/9.

          I can see why people are skeptical, 1.5b database is a bold claim.

          But considering this is just scraping it might not be that far fetched.

          This is just data people shared themselves publicly and then someone made a bot to scrape all of that.

  • Jesus Franco

    October 4, 2021 4:50 pm

    Maybe it’s time to move to a decentralised platform like Matrix (Element is a really nice client!)

    • Sistem

      October 4, 2021 6:50 pm

      Sure it is

    • Riad

      October 4, 2021 8:15 pm

      Is it authentic?

Leave a Repy to Angela Cancel