Skip to main content
  1. Home
  2. Social Media
  3. Web
  4. Legacy Archives

A field trip to the Facebook black market in which we buy 1.5 million accounts and email addresses for $5

Add as a preferred source on Google

facebook black marketThe seedy underbelly of Facebook has surfaced yet again thanks to Bogomil Shopov, an online IT marketing and community management professional from Bulgaria, who recently was able to purchase one million names, email addresses, and Facebook profile IDs. 

While browsing the Web for free marketing tools and guides for his business, or “zero budget marketing,” as he told me, Shopov was led to Gigbucks. Gigbucks is an “e-commerce” platform similar to Fiverr, where buyers can purchase services or products for as little has $5 or as much as $50. But what he stumbled on was an offer for one million Facebook accounts and their email addresses that were mined from a Facebook app. Out of curiosity, Shopov purchased the Excel list for $5 and shortly thereafter received the list as promised. He recognized that the header was Turkish, indicating that the developers responsible for procuring the user information were from Turkey, but the accounts were primarily of users located in the United States, Canada, and the UK.

Recommended Videos

After publishing his blog post detailing the transaction, Facebook reached out to Shopov via phone to find out how exactly he’d gotten his hands on all this data. And when we checked out the URL again today, we noticed that the offer had been taken down from Gigbucks. Shopov told us that Gigbucks’s administrators notified him last night that the offer was removed, likely at the request (read: demand) of Facebook.

As Facebook has introduced more seamless interactions into Facebook Connect and its Open Graph apps, it’s become more difficult to know what you’re giving up and what you’re giving access to; it’s all much less noticeable than it used to be. Users may not realize that it’s rather simple for developers to mine your information; too many of us assume that third-party Facebook app developers won’t use your information like this. “The data that we voluntarily provide to social networks, even as we police our privacy settings, is becoming increasingly vulnerable,” says Robert Leshner, founder of Safeshephard. “It’s not Facebook or even LinkedIn that we have to worry about,” Leshner adds. “It’s the weakest link in the privacy chain, and right now that’s third-party apps. The walled garden of Facebook isn’t very well walled off – it’s crumbling.”

How third-party developers do this is by creating apps (that may or may not offer value) for the sole purpose of collecting user data, a practice we’ve talked about before. When you first use a Facebook app, a page pops up that describes the information you’re permitting the developer to access. Your email address, name, user ID, gender, and other basic information is fair game — and if it gets into the wrong hands, can then be aggregated into a tidy list and sold off.

There’s a rather large incentive among blackhat marketers to pay for this valuable list of real email addresses and Facebook accounts (Facebook, after all, has made a name for itself as the proprietor of real identities). These addresses can be used to boost the number of followers on Facebook pages (through invitations), or Facebook users can be placed on email lists. It can also be used to target these specific users based on email addresses, phone numbers, and user ID. Note that you can find the Facebook account associated with an email address simply by typing the email into Facebook’s search bar, similarly to how a researcher previously discovered the Facebook profiles associated with the phone numbers.

Image used with permission by copyright holder

A simple Web query reveals an expansive and thriving underground market for Facebook IDs linked to email addresses. It’s reminiscent of the market for hacked Twitter accounts that we reported on earlier this month. In fact, we were able to purchase a couple of these lists for a little as $5 each. Like Shopov, we were sent a .rar file with several .txt files listing over 1.5 million email addresses, names, and Facebook profile IDs. And yes, it really was that easy.

What one of the sellers revealed to us just how prevalent and common the practice of buying and selling this data is: He purchased a list of 32 million email addresses and Facebook accounts from his friends and repackaged the list into sets of between one and two million email addresses to resell. There also appears to be some reusing and recycling going on, as we realized we’d purchased duplicate lists from two different sellers.

With our increasing reliance on using Facebook or other social networks to access third-party applications, our data can be easily misused and profited from by third-parties. Before you allow an app access to your information next time around, you might want to be more mindful.

We reached out to Facebook and will update you with their response.

Francis Bea
Former Digital Trends Contributor
Francis got his first taste of the tech industry in a failed attempt at a startup during his time as a student at the…
Google Maps could soon order food for you using Gemini
Your next takeaway order could start inside Google Maps
Google Maps

Google Maps has steadily evolved from a navigation app into an AI-powered discovery platform, thanks to Gemini integration and features like Ask Maps. Now, the app could be preparing to take the next step by letting users order food directly through conversational AI.

According to Android Authority's Authority Insights, the latest beta version of Google Maps for Android contains references to an unreleased feature that would allow users to ask Maps to place food orders on their behalf. While the functionality isn't live yet, newly discovered code strings suggest Google is actively developing the feature.

Read more
Most Americans want kids off social media before 16, new survey shows
A new Pew Research Center survey has found broad support for banning social media for kids under 16, with even stronger backing for age verification and parental consent rules.
Child using a blue phone

A majority of US adults now support banning social media for anyone under 16, according to a new Pew Research Center survey. The finding puts American public opinion roughly in line with countries that have already acted on the idea, including Australia, which has enforced a ban, and the UK, which is currently considering one.

Support holds steady across party lines and age groups

Read more
Meta under scrutiny after Instagram approved child abuse advertisements in India
Instagram's ad review system failed to block child abuse promotions
Instagram app

Warning: This article contains real-world examples of abuse.

A BBC investigation has found that Instagram approved and displayed paid advertisements promoting child sexual abuse material (CSAM) to users in India, raising fresh questions about the effectiveness of Meta's moderation systems and the growing challenge of policing illegal content on social media.

Read more