vpnMentor uncovered a phishing operation targeting hundreds of thousands of Facebook users worldwide and aimed at Bitcoin fraud
The perpetrators put an unsecured Elasticsearch database online
“If you’ve reused your Facebook password for other accounts, change it immediately to protect yourself from hacking. We recommend using a password generator to create unique, secure passwords for each private account and then changing them regularly.”
As a result, the disclosed information puts users' credentials at risk and exposes them to phishing. Facebook users who believe they have been compromised by this scam should change their login information immediately, vpnMentor warns.
Perpetrators targeted Bitcoin fraud
The security team first discovered the unsecured database on September 21, 2020. According to vpnMentor, the criminals collected the records in the database between June and September 2020. It is also possible that the operation was more extensive and ran for much longer. vpnMentor deleted the database one day after the discovery. The service reported the case to Facebook that same day. Facebook also forced a reset of the passwords for the affected accounts.
Massive Facebook phishing and Bitcoin scam tricks people by appealing to their vanity and insecurity, hacks their accounts, and uses them to promote fake Bitcoin trading sites. 100,000s of people successfully fooled and defrauded. https://t.co/OGbGCdLHvE
Cyber criminals have stolen Facebook passwords and lured their victims' friends, through posts related to them, to websites promoting a Bitcoin scam. Security researchers from vpnMentor revealed that the criminals left their entire operation exposed in an unsecured database. The cloud server is now offline.
The security researchers at vpnMentor, Noam Rotem and Ran Locar, have disclosed a fraud in which approximately 13.5 million data records were compromised. They found an unsecured Elasticsearch database with approximately 5.5 GB of personal user information. According to cyber security firm vpnMentor, the fraud was discovered after security experts tracked down the completely unsecured database. According to the researchers, the fraudsters forgot to lock their cloud database against unauthorized access.
The data the researchers tracked down contained Facebook login information (usernames and passwords) for 150,000 to 200,000 Facebook users, as well as outlines for comments that the hackers used to mislead people into Bitcoin fraud. It also held personally identifiable information (PII), such as emails, names and telephone numbers of users who had logged on to the Bitcoin site, and the domains of the websites used in the fraud.
“Sometimes the extent of a data breach and the owner of the database are obvious and the problem is quickly resolved. However, these cases are rather rare. Most of the time, it takes days of investigation before we understand what it is about or who is losing the data. In this case, the incident did not originate from Facebook. The exposed database belonged to a third party who used it to process Facebook account credentials that were illegally accessed through a group of scam websites targeted at social network users.”
As a result, the hackers accessed the victims’ Facebook accounts using the stolen credentials. They then posted spam comments through these accounts, referring people to a number of fake Bitcoin trading platforms. On these Bitcoin trading websites, the criminals cheated people out of deposits of at least 250 euros each.
The hackers used a very common trick for their operation. They offered Facebook users a tool on the platform that could supposedly reveal who had recently visited their profiles. Without realizing that this was a trap, those affected disclosed private information, such as login information and payment credentials, on phishing websites specially prepared for the fraud.