A field trip to the Facebook black market in which we buy 1.5 million accounts and email addresses for $5

facebook black marketThe seedy underbelly of Facebook has surfaced yet again thanks to Bogomil Shopov, an online IT marketing and community management professional from Bulgaria, who recently was able to purchase one million names, email addresses, and Facebook profile IDs. 

While browsing the Web for free marketing tools and guides for his business, or “zero budget marketing,” as he told me, Shopov was led to Gigbucks. Gigbucks is an “e-commerce” platform similar to Fiverr, where buyers can purchase services or products for as little has $5 or as much as $50. But what he stumbled on was an offer for one million Facebook accounts and their email addresses that were mined from a Facebook app. Out of curiosity, Shopov purchased the Excel list for $5 and shortly thereafter received the list as promised. He recognized that the header was Turkish, indicating that the developers responsible for procuring the user information were from Turkey, but the accounts were primarily of users located in the United States, Canada, and the UK.

After publishing his blog post detailing the transaction, Facebook reached out to Shopov via phone to find out how exactly he’d gotten his hands on all this data. And when we checked out the URL again today, we noticed that the offer had been taken down from Gigbucks. Shopov told us that Gigbucks’s administrators notified him last night that the offer was removed, likely at the request (read: demand) of Facebook.

As Facebook has introduced more seamless interactions into Facebook Connect and its Open Graph apps, it’s become more difficult to know what you’re giving up and what you’re giving access to; it’s all much less noticeable than it used to be. Users may not realize that it’s rather simple for developers to mine your information; too many of us assume that third-party Facebook app developers won’t use your information like this. “The data that we voluntarily provide to social networks, even as we police our privacy settings, is becoming increasingly vulnerable,” says Robert Leshner, founder of Safeshephard. “It’s not Facebook or even LinkedIn that we have to worry about,” Leshner adds. “It’s the weakest link in the privacy chain, and right now that’s third-party apps. The walled garden of Facebook isn’t very well walled off – it’s crumbling.”

How third-party developers do this is by creating apps (that may or may not offer value) for the sole purpose of collecting user data, a practice we’ve talked about before. When you first use a Facebook app, a page pops up that describes the information you’re permitting the developer to access. Your email address, name, user ID, gender, and other basic information is fair game — and if it gets into the wrong hands, can then be aggregated into a tidy list and sold off.

There’s a rather large incentive among blackhat marketers to pay for this valuable list of real email addresses and Facebook accounts (Facebook, after all, has made a name for itself as the proprietor of real identities). These addresses can be used to boost the number of followers on Facebook pages (through invitations), or Facebook users can be placed on email lists. It can also be used to target these specific users based on email addresses, phone numbers, and user ID. Note that you can find the Facebook account associated with an email address simply by typing the email into Facebook’s search bar, similarly to how a researcher previously discovered the Facebook profiles associated with the phone numbers.

1 million facebook entries purchased for five dollars unique emails

A simple Web query reveals an expansive and thriving underground market for Facebook IDs linked to email addresses. It’s reminiscent of the market for hacked Twitter accounts that we reported on earlier this month. In fact, we were able to purchase a couple of these lists for a little as $5 each. Like Shopov, we were sent a .rar file with several .txt files listing over 1.5 million email addresses, names, and Facebook profile IDs. And yes, it really was that easy.

What one of the sellers revealed to us just how prevalent and common the practice of buying and selling this data is: He purchased a list of 32 million email addresses and Facebook accounts from his friends and repackaged the list into sets of between one and two million email addresses to resell. There also appears to be some reusing and recycling going on, as we realized we’d purchased duplicate lists from two different sellers.

With our increasing reliance on using Facebook or other social networks to access third-party applications, our data can be easily misused and profited from by third-parties. Before you allow an app access to your information next time around, you might want to be more mindful.

We reached out to Facebook and will update you with their response.

Social Media

Periscope tool adds guests to feeds so streamers can become talk show hosts

Periscope users can now invite viewers to chime into the conversation with more than just the comment tool. By enabling the option to add guests, livestreamers can add guests to the conversation, in audio format only.
Deals

Are flat pillows a pain in your neck? Here are the best pillows for side-sleepers

If you've tried doubling up on pillows or buying larger ones to no avail, then it might just be time for a new pillow – one made for sleeping on your side. We've rounded up the best pillows for side sleepers that give neck and head…
Home Theater

Make the most out of your new Apple TV with these must-have apps

If you're looking to turn your fourth-generation Apple TV or Apple TV 4K into an all-in-one entertainment powerhouse, we can help you get started with this list of the best Apple TV apps you can download.
Gaming

Want to share your Xbox One games with a friend? Here's how to do it

Sharing games on modern consoles is possible, but it takes a few steps. Here's how to start sharing games on your Xbox One console, so friends and family can easily access your library.
Computing

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.
Photography

Crouching, climbing, and creeping, the perfect Instagram shot knows no bounds

Just how far will you go for the perfect Instagram? A recent survey shows just how willing Instagram users -- and Instagram husbands -- are to climb, lie down, embarrass themselves or let their food go cold for the perfect shot.
Social Media

Facebook’s long-promised ‘unsend’ feature arrives. Here’s how to use it

Send a message to the wrong person? Messenger now gives you 10 minutes to take it back. After an update beginning to roll out today, users can now retract messages if they act within the first 10 minutes after sending the message.
Social Media

YouTube boss admits even her own kids gave the ‘Rewind’ video a thumbs down

YouTube's 2018 Rewind video went down like a lead balloon at the end of last year, becoming the most disliked video in its history. And now YouTube's CEO has admitted that even her own kids thought it was pretty darn awful.
Social Media

Snapchat finally recovers from its redesign — so here comes an Android update

Snapchat's drop in users after launching a controversial redesign has finally stagnated. During the fourth quarter and 2018 earnings report, Snapchat shared that the company is rolling out an Android update designed to increase performance.
Social Media

Skype’s new ‘blur background’ feature could help keep you from blushing

Skype's latest feature for desktop lets you blur your background during video calls. The idea is that it keeps you as the focus instead of distracting others with whatever embarrassing things you might have on show behind you.
Social Media

Twitter users are declining but more people are seeing ads every day

Twitter's end-of-the-year report for 2018 is a mix of good and bad news. The good news is that more users are seeing adds daily, the metric the company will focus on moving forward. But the bad news is that monthly active users are…
Web

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. With so many subreddits, however, navigating the "front page of the internet" can be daunting. Here are some of the best subreddits to get you started.
Computing

YouTube beats Apple, Netflix as the most trusted brand by millennials

The popular video sharing website YouTube climbed up in an annual Mblm study, moving up from third place in 2018 and coming ahead of both Apple and Netflix in final 2019 rankings. 
Social Media

LinkedIn finally gets around to launching its own live video tool

Live video is coming to LinkedIn for businesses and individuals on the site. The livestreaming feature is launching in beta in the U.S. before rolling out to the entire community.