Personal data belonging to Facebook Marketplace users has been published online, according to BleepingComputer.
A cybercriminal was allegedly able to steal a partial database after hacking the systems of a Meta contractor.
The leak consists of around 200,000 records that contain names, phone numbers, email addresses, Facebook IDs, and Facebook profile information of the affected Facebook Marketplace users. BleepingComputer was able to verify the some of the data.
Marketplace was introduced by Facebook in 2016 and quickly became a popular platform to sell items to local buyers. It’s often preferred over other marketplaces because you can find or sell items locally that would be too expensive to ship, but you can easily pick up yourself.
Smaller businesses also use it as well to get their ecommerce side of the business started. Statistics say that every month, on average 40% of Facebook users are Marketplace users, and an estimated 485 million or 16% of active users log in to Facebook for the sole purpose of shopping on Facebook Marketplace.
Depending on the buyer of the leaked data, both the email addresses and the phone numbers could be used in phishing attacks. Phishing is the art of sending an email with the aim of getting users to open a malicious file or click on a link to then steal credentials. The combination of email addresses and phone numbers could also be used in SIM swapping attacks.
SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but one of the most common methods involves tricking the target’s phone carrier into porting the phone number to a new SIM which is under the control of the attacker. Having control over or access to the victim’s email combined with the knowledge of the associated phone number makes a SIM swap relatively easy.
