IntelBroker claims responsibility for leaking a partial database of Facebook Marketplace
IntelBroker leaked Facebook Marketplace data, compromising 200,000 entries with sensitive data targeting a cloud service contractor.
Threat actor IntelBroker has claimed responsibility for leaking a partial database of Facebook Marketplace, allegedly stolen by another actor named “algoatson” on Discord. The breach targeted a contractor managing cloud services for Facebook, compromising approximately 200,000 entries with sensitive personal information.
Compromised data includes full names, Facebook IDs, phone numbers, physical IDs, and profile settings, posing risks of identity theft and phishing attacks, but no passwords were exposed. IntelBroker, known for previous high-profile cyber-attacks, has a history of breaching organizations, including, among others, the leak of sensitive US Department of Defense documents and the General Electric security breach in November and December 2023.
This leak, disclosed on Breach Forums, highlights the evolving threat landscape and the persistence of cybercriminals. Previous incidents involving Metas’s Facebook cybersecurity concerns, such as the 2021 leak of personal data for over 500 million users, emphasize the ongoing challenges in securing user information.
Why does it matter?
This data leak touches upon two issues: the need to combat cybercrime and Meta’s responsibility in ensuring adequate security for its users and consumers.
This is an issue that UK MPs have addressed, claiming that the company is not investing enough in Facebook’s Marketplace consumers. Namely, MP Tim Loughton, Conservative MP for East Worthing and Shoreham explained to the Independent that because Facebook Marketplace does not have a payment channel linked to it, it is not financially responsible in case fraud occurs.
Therefore, as Hackread reports, the breach underscores the need for immediate action by Facebook and affected users to mitigate the impact, alongside enhanced security measures to prevent future incidents. Until then, users are encouraged to change passwords, enable two-factor authentication (2FA), be cautious of phishing attempts, and review privacy policy policies.