Facebook hosts 'criminal flea markets' where hackers sell your credit card details
'Groups like these are like cockroaches,' says one researcher. 'When you kill one, more come back'
Dozens of criminal groups that sell stolen bank and credit card details are proliferating on Facebook, an investigation has revealed.
Researchers at cyber security firm Cisco Talos uncovered 74 Facebook groups whose members offered a variety of illegal goods and services. In total, these groups – dubbed "criminal flea markets" by the researchers – had approximately 385,000 members.
The groups were able to operate openly on Facebook without being shut down, despite enabling the selling and trading of stolen financial information, online account credentials and hacking tools.
Facebook said it reviewed the groups after being approached with the researchers' findings. All of them were found to be in violation of the social network's policies and they have now been removed, however the researchers noted that more groups quickly reappeared.
A simple Facebook search by The Independent using keywords mentioned in the report revealed that many criminal-related groups still appear to thrive.
In some cases, posts to these criminal groups advertised credit card numbers with their accompanying CVV numbers, as well as identification documents and photos belonging to the victims. Other products on sale included large lists of email addresses for the purpose of spamming.
How to stop Facebook from revealing everything about you
Show all 9The latest research comes amid a shift in online criminal activity from the dark web onto popular messaging apps and social media platforms.
"There is no magic bullet answer here for any social media platform," Martin Lee, an outreach manager at Cisco Talos, told The Independent.
"Groups like these are like cockroaches. When you kill one, more come back. We need to be continually diligent about identifying and removing these groups."
When Talos initially attempted to take down the groups individually through Facebook's abuse reporting functionality, the researchers found that in some cases only individual posts were removed.
It is not a new problem for Facebook and was brought to the company's attention in April 2018 by security reporter Brian Krebs. Groups uncovered by Mr Krebs were eventually disabled but the latest findings are described in Talos' report as "remarkably similar, if not identical, to the groups reported on by Krebs".
The report concluded: "The underlying computer algorithms that help us connect, suggesting new friends or networks, are not intelligent to distinguish benign activities from the unethical or outright illegal."
Facebook said it had identified the accounts running the groups mentioned in the report and blocked their ability to create new groups on the platform.
"These groups violated our policies against spam and financial fraud and we removed them," a Facebook spokesperson told The Independent. "We know we need to be more vigilant and we're investing heavily to fight this type of activity."
When asked about the criminal groups that continue to appear, the technology giant said it was continuing to investigate.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies