By: Leonardo Neri
On October 4, 2021, Facebook servers around the world experienced instability, affecting national stock exchanges, problems for sellers who need the networks for work, in addition to the loss of approximately US$1.5 billion in assets from Facebook itself and US$1.6 billion in personal income from Mark Zuckerberg, the company's CEO. In a statement, the group that owns the huge social networks affected (WhatsApp, Facebook and Instagram) claims that the outage was not a hacker attack, but rather an internal failure. However, even though the problem was local, the number of cybercrimes on the platforms increased, with the theft of around 1.5 billion user data and its sale on dark web forums.
It is important to note that, in theory, the hijacked data has no connection with the 500 million stolen in early 2021, due to another system failure. It is worth noting that the criminals probably had easy access to the company's server and, given the company's vulnerability, acted to sell user registration data.
Furthermore, the data is made available in the manner commonly seen in illegal forums, with the sale of names; e-mail; location; gender; telephone number and user ID. However, no accounts appear to have been compromised, given that passwords are not included in the sales package. The technology website Privacy Affairs states that the purchase of 1 million of these pieces of information, at the current price, costs around R$$27.3 thousand.
Furthermore, to prove that the data was not removed in an invasive manner, the criminals claimed that the theft was a case of scraping, a type of data scraping that involves the use of artificial intelligence to collect consumer information, whether permitted or not. According to the hackers, the scraping was done through surveys made available to the public that were innocently accessed by users.
This is a case of high magnitude in an uncertain context of the start of the LGPD sanctions in Brazil.