"At this stage, we are not aware of how the data got leaked at the first instance. It might be due to a leakage in third-party API (Application Programming Interface) or scrapping," the company said in a statement.
Given that the data contains sensitive details on the users, it might be used by cybercriminals for phishing and spamming, it warned.
Photo: Cyble official portal
In December last year, reports surfaced that a database containing names and phone numbers of more than 267 million users was exposed online.
The database was made available for download on an online hacker forum, according to a blog post on the website Comparitech.
A Facebook spokesperson had said at that point of time that "we are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people's information".
The Cyble researchers recommended users to tighten their privacy settings on their Facebook profiles, and be cautious of unsolicited emails and text messages.
"We are currently indexing the data at our darkweb monitoring platform, and retail users can access it via AmIbreached.com," the company informed.
Facebook faced intense scrutiny after personal data of 87 million users were harvested by UK-based political consulting firm Cambridge Analytica. The Federal Trade Commission (FTC) slapped Facebook with a $5 billion fine as a result of the breach.
The social media
giant in November last year revealed that at least 100 app developers may have accessed Facebook users' data for months, confirming that at least 11 partners "accessed group members' information in the last 60 days".
Facebook found that the apps -- primarily social media
management and video streaming apps -- retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API (application programming interface).
Not just Facebook, Cyble last week informed that hackers
dumped over 5 lakh credentials of those who attended office conference calls via Zoom, and gave away those for free on the Dark Web.
"Cyble purchased more than 530,000 on an underground hacking forum for next to nothing. Several of the company's clients were among the stolen credentials, which also included personal meeting URLs and Zoom host keys," claimed the report.
Cyble confirmed that the credentials were indeed valid.
Bleeping Computer also got in touch with some of the compromised account owners and were told that the passwords were correct.
One hacker interviewed by Motherboard who claims to have traded exploits found in Zoom on the black market said that Zoom flaws typically sell for between $5,000 to $30,000.
Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.
As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.
Support quality journalism and subscribe to Business Standard.