The database was owned by cybercriminals who hacked Facebook accounts and used them for credit card and Bitcoin scams.
Facebook has been criticized several times for harboring criminals engaging in malicious activities on its platform, even if it’s unintentionally. In the latest, researchers from vpnMentor have reported on another case where a phishing and credit card scam was caught on Facebook with over 100,000 victims across the world.
The scam was run through a tool in which the threat actors told users that they would know the identities of the otherwise anonymous visitors to their Facebook profiles.
In order to know so, users had to provide their login credentials which led the attackers to access their accounts and use it for nefarious purposes such as posting spam comments that led to one of their fraudulent websites especially those hosting Bitcoin scams.
If a user visited one of these websites, they were opened to a Bitcoin trading platform which of course was fake and tried to defraud users into giving up amounts starting from 250 Euros.
Phishing page that stole Facebook credentials (Image: vpnMentor)
1 of 3
Now, how were they finally caught?
Most companies leave unsecured databases wild out in the open but sometimes attackers do so too. This is exactly what happened here as the attackers left their Elasticsearch database with the sensitive information (credentials & IP addresses) of almost 100,000 victims worth over 5.5 GB available fo ..
Support the originator by clicking the read the rest link below.
