7 comments

[ 0.18 ms ] story [ 50.7 ms ] thread
So I am always curious, are there any laws that makes it mandatory to expose a data dump whenever you come across one or it depends on the goodness of their heart to report it? I guess even if there is a law like that, it would be hard to enforce.
This wasn't a Facebook data breach. The attackers used a phishing attack to trick users into entering their Facebook login and password into a different site.
The previous comment never indicated it was. Facebook sucks.
I think GP is trying to ask, why do we ever see these dumps at all? Why don't the attackers keep them to themselves?
> I think GP is trying to ask, why do we ever see these dumps at all? Why don't the attackers keep them to themselves?

In this case, the scammers failed to secure their own data, and researchers found the breach through unspecified means.

To clarify, this was not a Facebook data breach. The hackers tricked people into entering their usernames and passwords with a fake login form on a different website:

> the first group were tricked into handing over their account log-ins by a fake app promising to reveal who had recently visited their profile.

The claim of 13 million records also seems misleading. The article says they have 150-200K logins. The number of "records" seems to be a measure of rows multiplied by the number of data points (columns).

> Among the 5.5GB haul discovered by vpnMentor on September 21, was 150,000-200,000 Facebook usernames and passwords, and personal info including emails, names and phone numbers for hundreds of thousands who had fallen victim to a Bitcoin scam.

1. The original write-up can be found here: https://www.vpnmentor.com/blog/report-facebook-scam/

2. Facebook was not breached in the sense that is normally meant by that term.

3. You may assume that the "bitcoin scam" is untraceable and the scammers will get away because it used cryptocurrency. Not the case. They were spamming links to "bitcoin trading" platforms which accept deposits using credit cards and which are a modern reincarnation of "forex trading" scam platforms. The industry is mostly based out of Israel and uses the normal banking system and even accepts credit cards, as I mentioned. The only reason the criminals won't get caught is that no government will prioritize this.