Security researchers revealed that cyber criminals left a database exposed, to discover a global attack that led to the penetration of Facebook accounts that were used to deceive others.
The researchers uncovered a large-scale global fraud targeting Facebook users, after finding a database of unsafe data that the fraudsters used to store usernames and passwords for at least 100,000 victims.
The researchers said: The cyber criminals behind the fraud were deceiving Facebook victims to provide login credentials to their accounts using a tool that pretended to detect who was forging their personal files.
Next, “the fraudsters used the stolen login credentials to share unwanted comments on Facebook posts via the compromised victims’ accounts, with the aim of directing people to their network of fraud sites, ”according to researchers at information security firm vpnMentor Friday. And “all of these sites eventually led to a fake Bitcoin trading platform used to trick people into getting deposits of at least 250 euros.”
The researchers said: They have no evidence of the possibility that any other malicious parties may have accessed or leaked the data.
The unsecured Elasticsearch database contained about 5.5 gigabytes of data, which contained 13,521,774 records of at least 100,000 Facebook users. The database was open during the period between June and September of this year, and it was discovered on September 21, and it was closed on September 22.
The data in the exposed database included credentials, IP addresses, and text diagrams of comments that fraudsters may post on Facebook pages via the compromised accounts, directing people to suspicious and fraudulent websites, and PII (Personally Identifiable Information) data, such as: emails, And the names and phone numbers of victims who were defrauded to obtain Bitcoin.
In order to ensure that the database was active and authentic, the researchers said, they entered false credentials to log into one of the fraudulent webpages and verified its registration.