In a recent development, the notorious threat actor known as IntelBroker has claimed responsibility for leaking a partial database of the Facebook Marketplace. The breach, reportedly conducted by another cybercriminal under the alias “algoatson,” occurred in October 2023 but was only made public on Sunday, February 11, 2024.
According to IntelBroker’s disclosure on Breach Forums, the hack targeted a contractor responsible for managing cloud services for Facebook, resulting in the theft of approximately 200,000 entries from the user database. This compromised data includes sensitive personal information such as full names, Facebook IDs, phone numbers, physical IDs, and Facebook profile settings of the affected users. Notably, 24,127 email addresses are among the leaked information.
It’s important to highlight that while passwords were not compromised, this breach poses significant risks to Facebook Marketplace users, including potential identity theft and phishing attacks.
IntelBroker, known for previous high-profile cyber attacks including leaking sensitive US Department of Defense documents in December 2023, has a history of breaching organizations and selling stolen data on underground forums. Efforts to establish communication with “algoatson,” the alleged perpetrator, have been unsuccessful at this time.
This incident adds to the cybersecurity concerns surrounding META’s Facebook platform. In the past, Facebook has faced similar breaches, including the leak of personal data of over 500 million users in April 2021 and the exposure of data from 267 million users in December 2019.