A crime operation has recently been spotted stealing hundreds of thousands of Facebook user accounts and passwords by tricking them. These cybercriminals themselves were the ones to slip up when they forgot to lock down a particular cloud database that stored the whole login credentials of users along with their passwords.
Scammers spotted stealing information for elaborate scheme
This meant that just about anyone with a web browser could in fact view the given information including even more details on how they were able to carry out the operation. The findings come from Ran Locar and Noam Rotem who are Israeli security researchers. The researchers published what they found through their research with the security website vpnMentor.
The story was reported by CNet and it stated that both Locar and Rotem reported what they found to Facebook and the previous database is now no longer exposed. Facebook automatically forced everyone who was affected to reset their own passwords.
How do scammers get Facebook information?
It was reported that in order to steal the users’ passwords, these scammers actually used certain websites that simply posed as legitimate services that were offering to show the Facebook user just who had viewed their own Facebook profiles. The website then sent them towards a fake Facebook login page which was allegedly used to fool hundreds of thousands of users into entering their own accounts and passwords.
Based on the findings of the recent research regarding the exposed database, both Locar and Rotem saw that the scammers were then using the hacked Facebook account to spam certain content on their Facebook profiles. The content was aimed to lure their friends into a bitcoin scheme.
Read Also: EU Commission Announces Second Formal Investigation Into Amazon’s Alleged Breach of Antitrust Rules
Facebook ruled out: Scam unfolds
Before coming to a verdict, both Locar and Rotem initially thought that the database belonged to the social media Facebook itself but after intent inspection, they then ruled out Facebook. They stated that due to the evidence, it then became quite obvious that the whole thing was a cybercrime.
The website that promised to offer data regarding who viewed the Facebook user’s profile did not actually give anything of that sort and instead collected the user’s Facebook login credentials. Using the stolen access, the scammers then started spamming bitcoin-related services as well as bitcoin-related news.
These are quite common on Facebook nowadays and it could be that the unauthorized spammy commenting could have stemmed from that. The researchers put an estimate of about hundreds of thousands of different Facebook users all clicking the links leading them towards a certain fake bitcoin trading platform. The platform required a $300 deposit for users to be able to start to trade the said cryptocurrency which was a complete scam. This is not the first time that…