Facebook Marketplace database out in the wild, hackers claiming 200,000 users


A hacker on Breach Forums, an illicit marketplace, has shared private personal information records that were allegedly stolen from Facebook Marketplace.

They claim that the partial Facebook Marketplace user data was obtained in October 2023 by a cyber criminal known as "algoatson" on Discord, who ”breached a contractor that manages cloud services for Facebook and stole its partial user database of 200,000 entries.”

The data was shared by a threat actor referred to as “IntelBroker,” who is infamous for other big leaks, including stolen data from General Electric, the US Citizenship and Immigration Services (USCIS), US cellular carriers, and other high-profile attacks.

The sample provided includes full names, hashed passwords, links to profile pictures, Facebook IDs, emails, phone numbers, languages, and other attributes such as average rating, number of ratings and reviews, and profile settings. The hacker claims that the compromised data includes Physical IDs.

The database, which was first made public on February 11th, includes 24,127 email addresses with other compromised data, Hacread.com confirmed.

Cybernews reached out to Meta for a comment but has yet to receive any additional information at the time of writing.

This is not the first time that Facebook has been involved in data leaks. In 2022, a database containing 533M Facebook users’ data records surfaced on the internet for free. Facebook has been long criticized for letting third parties collect or scrape its user data, with Cambridge Analytica being the most prominent scandal.

The looming danger of such private personal information being leaked is that it may leave a lasting effect on people's lives. Threat actors leverage collected information for phishing attacks, malicious emails, and conducting other convincing attacks against individuals whose information was left exposed.

Cybernews is constantly updating the data leak checker to include information from various leaks.

Users are strongly advised to stay vigilant and take care of their cyber hygiene. Use strong, hard-to-guess passwords, enable multi-factor authentication on all important accounts, keep an eye out for phishing and spear phishing attempts, check for password duplicates, and immediately set up new protection for accounts that share the same passwords.