A field trip to the Facebook black market in which we buy 1.5 million accounts and email addresses for $5

facebook black marketThe seedy underbelly of Facebook has surfaced yet again thanks to Bogomil Shopov, an online IT marketing and community management professional from Bulgaria, who recently was able to purchase one million names, email addresses, and Facebook profile IDs. 

While browsing the Web for free marketing tools and guides for his business, or “zero budget marketing,” as he told me, Shopov was led to Gigbucks. Gigbucks is an “e-commerce” platform similar to Fiverr, where buyers can purchase services or products for as little has $5 or as much as $50. But what he stumbled on was an offer for one million Facebook accounts and their email addresses that were mined from a Facebook app. Out of curiosity, Shopov purchased the Excel list for $5 and shortly thereafter received the list as promised. He recognized that the header was Turkish, indicating that the developers responsible for procuring the user information were from Turkey, but the accounts were primarily of users located in the United States, Canada, and the UK.

After publishing his blog post detailing the transaction, Facebook reached out to Shopov via phone to find out how exactly he’d gotten his hands on all this data. And when we checked out the URL again today, we noticed that the offer had been taken down from Gigbucks. Shopov told us that Gigbucks’s administrators notified him last night that the offer was removed, likely at the request (read: demand) of Facebook.

As Facebook has introduced more seamless interactions into Facebook Connect and its Open Graph apps, it’s become more difficult to know what you’re giving up and what you’re giving access to; it’s all much less noticeable than it used to be. Users may not realize that it’s rather simple for developers to mine your information; too many of us assume that third-party Facebook app developers won’t use your information like this. “The data that we voluntarily provide to social networks, even as we police our privacy settings, is becoming increasingly vulnerable,” says Robert Leshner, founder of Safeshephard. “It’s not Facebook or even LinkedIn that we have to worry about,” Leshner adds. “It’s the weakest link in the privacy chain, and right now that’s third-party apps. The walled garden of Facebook isn’t very well walled off – it’s crumbling.”

How third-party developers do this is by creating apps (that may or may not offer value) for the sole purpose of collecting user data, a practice we’ve talked about before. When you first use a Facebook app, a page pops up that describes the information you’re permitting the developer to access. Your email address, name, user ID, gender, and other basic information is fair game — and if it gets into the wrong hands, can then be aggregated into a tidy list and sold off.

There’s a rather large incentive among blackhat marketers to pay for this valuable list of real email addresses and Facebook accounts (Facebook, after all, has made a name for itself as the proprietor of real identities). These addresses can be used to boost the number of followers on Facebook pages (through invitations), or Facebook users can be placed on email lists. It can also be used to target these specific users based on email addresses, phone numbers, and user ID. Note that you can find the Facebook account associated with an email address simply by typing the email into Facebook’s search bar, similarly to how a researcher previously discovered the Facebook profiles associated with the phone numbers.

1 million facebook entries purchased for five dollars unique emails

A simple Web query reveals an expansive and thriving underground market for Facebook IDs linked to email addresses. It’s reminiscent of the market for hacked Twitter accounts that we reported on earlier this month. In fact, we were able to purchase a couple of these lists for a little as $5 each. Like Shopov, we were sent a .rar file with several .txt files listing over 1.5 million email addresses, names, and Facebook profile IDs. And yes, it really was that easy.

What one of the sellers revealed to us just how prevalent and common the practice of buying and selling this data is: He purchased a list of 32 million email addresses and Facebook accounts from his friends and repackaged the list into sets of between one and two million email addresses to resell. There also appears to be some reusing and recycling going on, as we realized we’d purchased duplicate lists from two different sellers.

With our increasing reliance on using Facebook or other social networks to access third-party applications, our data can be easily misused and profited from by third-parties. Before you allow an app access to your information next time around, you might want to be more mindful.

We reached out to Facebook and will update you with their response.

Emerging Tech

How emotion-tracking A.I. will change computing as we know it

Affectiva is just one of the startups working to create emotion-tracking A.I. that can work out how you're feeling. Here's why this could change the face of computing as we know it.
Smart Home

From the kitchen to the bedroom, here are the best Alexa tips and tricks

Amazon's voice assistant Alexa has plenty of neat skills. So many, in fact, it seems like new ones appear every day. We've rounded up the top Echo tips and tricks to help you get the most out of your virtual assistant.

Are flat pillows a pain in your neck? Here are the best pillows for side-sleepers

If you've tried doubling up on pillows or buying larger ones to no avail, then it might just be time for a new pillow – one made for sleeping on your side. We've rounded up the best pillows for side sleepers that give neck and head…
Emerging Tech

The next clash of Silicon Valley titans will take place in space

By attempting o bring internet access to every last person on Earth, tech giants have a new mission. It's also one that will put them into competition with one another -- only this time in space.
Social Media

Facebook’s tributes section serves as an online memorial for deceased users

Death doesn't stop Facebook users from sharing memories, and now those memorialized posts have a dedicated spot on the network. Facebook Tribute is a section on memorialized profiles for users to write posts and share memories.
Social Media

How to protect yourself from GoFundMe scams before donating

Can you spot a GoFundMe scam? While the fundraising platform says scams make up less than a tenth of one percent of campaigns, some do try to take advantages of others' charity -- like a case last year that made national news.
Social Media

Your Facebook newsfeed is getting a spring cleaning, and so is Messenger

Hows that newsfeed looking? Facebook has shared an update on efforts to clean up the newsfeed, as well as what tools are coming next. Facebook has new Trust Indicators, while Messenger gains badges for verified accounts.
Social Media

Looking to officially rid your inbox of Facebook messages? Here's how

Deleting messages from Facebook Messenger is almost as easy as scrolling through your News Feed. Here, we show you how to delete an entire conversation or a single message, both of which take seconds.
Social Media

LinkedIn: Now you can express love, curiosity, and more with new Reactions

LinkedIn is following in the footsteps of Facebook (three years later!) with the rollout of new reactions that give users more ways to express themselves when responding to posts in their feed.
Social Media

Twitter’s experimental Twttr app is even more popular than the real thing

Twttr, the new app that lets regular Twitter users test new features, is proving more popular than the main app, according to the company. The revelation suggests some of the innovations may land for all Twitter users soon.
Social Media

Messenger and Facebook, together again? Facebook tests integrating chats

Longing for the old days where Facebook and Messenger were one app? Facebook is testing an integrated chat option. While Messenger remains more feature-rich, the test brings some chat functionality back into the Facebook app.
Social Media

How to download Instagram Stories on iOS, Android, and desktop

Curious about how to save someone's Instagram Story to your phone? Lucky for you, it can be done -- but it does take a few extra steps. Here's what you need to know to save Instagram Stories on both iOS and Android.
Social Media

Facebook, Instagram, and WhatsApp went down worldwide for 2 hours this morning

Chaos erupted on the internet this morning, as Facebook, Instagram, and Whatsapp all went down from 6:30 a.m. to approximately 9 a.m. Thousands of users were unable to access the sites or send or receive Whatsapp messages.

Skype screen sharing for mobile will let you share your swipes on dating apps

Skype is prepping the launch of screen sharing for mobile so you can share your swipes on dating apps, shop with buddies, or, perhaps, show a PowerPoint presentation to coworkers. It's in beta just now, but anyone can try it.