A threat actor is selling a database that allegedly contains 3.8 billion Clubhouse and Facebook user records on an underground forum.
According to the users’ post, the compilation includes 3.8 billion phone numbers, names and Clubhouse ranks alongside Facebook profile links. It also says the collection of phone numbers is not exclusively linked to Clubhouse members but includes numbers of individuals found in users’ contact lists synced with the platform.
How much is this data worth? Well, the data broker wants USD 100,000 for the entire database. However, he’s willing to split the data entries into smaller batches for other low-end buyers.
What is at stake?
According to CyberNews researchers, the data broker didn’t manage to sell the whole database to a single buyer and is looking to sell slices of it. Moreover, the authenticity of the alleged info could not be verified or confirmed yet.
If genuine, however, the leaked data could bring dire consequences to users around the globe. Cybercriminals could use this kind of data in targeted phishing attacks and spam campaigns to steal sensitive data or compromise devices and networks.
The data can also be used in other social engineering campaigns targeting users’ phone numbers, Facebook profiles and passwords. Even if the allegedly scraped data does not include passwords, it will not stop a savvy attacker from attempting to brute-force account passwords and break into Facebook accounts.
While there’s no need to panic, Clubhouse and Facebook users should remain vigilant and prepare themselves for any cyberattacks. If you haven’t enabled two-factor authentication yet, do it now. While doing that, it wouldn’t hurt to change your password as well.
Watch out for any suspicious connection request or message received via Facebook messenger or texts.
To paint a picture of your digital identity and find out what key pieces have been exposed in data breaches and leaks over the years, check now with Bitdefender’s Digital Identity Protection. The service helps you take proactive measures to control, manage and protect your digital self with real-time notifications that alert you when your data ends up in legal or illegal data collections on the internet. You also get expert recommendations to fix any privacy issue detected so you can stay a step ahead of malicious activity and protect your financial wellbeing.