A recent data breach affecting Facebook Marketplace has exposed the personal information of over 200,000 users. The breach occurred in October 2023 when a hacker known as "algoatson" infiltrated the systems of a third-party cloud services contractor used by Meta, Facebook's parent company.
Here is what we know so far about the breach:
Hacker Stole Sensitive User Information
The hacker was able to steal credentials that included full names, phone numbers, Facebook IDs, and profile settings of Marketplace users. While passwords were not included in the stolen data, the contact information and profile details are significant enough to enable phishing attacks, spam messages, and other forms of fraud targeting the compromised accounts.
In February 2024, a portion of the stolen data was leaked online by a user with the handle "IntelBroker" on a hacking forum called Breach Forums. IntelBroker has not revealed which specific contractor was breached, but the timing points to the October 2023 hack by algoatson as the likely source.
With over 24,000 email addresses confirmed to be included in the leaked data, Marketplace users should be vigilant against suspicious messages purportedly coming from Facebook friends or Meta itself. The breach leaves account holders vulnerable to convincingly spoofed phishing attempts.
How to Protect Your Account After the Breach
If you regularly use Facebook Marketplace and you want to protect yourself, we recommend enabling two-factor authentication on your account and exercising caution if you receive a message from Facebook or Meta.
The company has faced ongoing criticism over its handling of user data security, and this latest incident involving Marketplace only further damages that reputation. Meta hasn’t released any statement regarding the breach yet, but considering the sensitivity of the situation, it’s very likely that we’ll hear from them soon.