The Elasticsearch database contained information on more than 100,000 hacked social network user accounts.Security researchers at vpnMentor discovered a publicly available ElasticSearch database containing information on more than 100,000 hacked Facebook accounts. The database was larger than 5.5 GB, contained a total of 13,521,774 records, and remained available from June to September of this year.
Scammers used stolen credentials to access Facebook accounts and spread spam comments on messages. All comments ended up being linked to a fake bitcoin marketplace that was used to defraud people for over € 250.
According to experts, the criminals included links to fake news sites, hoping to bypass and obfuscate Facebook's fraud and bot detection tools. If compromised accounts posted the same links to fraudulent resources over and over again, they would quickly be blocked by the social network.
The scammers tricked Facebook users into providing credentials by offering a tool that allegedly reported visitors to their profiles. The personally identifiable data in the archive also included the email addresses, names and phone numbers of the victims who registered with the fraudulent bitcoin site. Experts uncovered dozens of domains controlled by criminals.
The researchers notified the social network of their findings, and also confirmed that the database is real and valid. The day after the unsecured database was discovered, it was probably the target of a so-called meow attack, as a result of which all data was deleted. Soon the owners of the database turned it off.
Let us remind you that earlier dozens of unprotected databases available on the Internet became victims of automatic cyber attacks. The hackers were replacing all indexes in the public Elasticserch and MongoDB databases with a random character set with the word meow at the end.