Just days after social media giant Facebook admitted that accounts of 50 million users had been compromised, it was reported that details of the hacked accounts are being sold on the dark web for mere $3.
The Independent reported that many listings feature on the dark web — a section of the internet that can only be accessed via sophisticated software.
Moneycontrol could not independently verify the report.
Security experts fear that if the avenue is exploited by cybercriminals, it could lead to cases of identity theft or blackmail.
Popular dark websites like Dream Market showcase listings of personal user information. They use ratings systems similar to e-commerce marketplaces like Amazon and eBay to verify vendors.
One can only buy hacked accounts using semi-anonymous digital currencies like bitcoin, for $3-$12. The value of the stolen data has been valued at between $150 million and $600 million if sold individually.
Bill Conner, CEO of cybersecurity firm SonicWall said that personal data is very valuable on the dark web and what an organisation or nation-state can do with this information should be taken seriously.
"As long as stolen data continues to fetch high prices and equip perpetrators with the means necessary to carry out attacks, hold victims ransom, extort information or destroy property, organisations must exhaust all measures to diligently detect and protect their networks and users," he added.
Information acquired online is sold to numerous companies for targeted advertising, according to a report by UK firm Money Guru. Social media accounts provide direct access to a person's life and these details are stolen frequently for advertising purposes, the report said. It added that it's a fast track to identity theft as it can "control your accounts, lock you out and cause serious reputational damage in a short period of time".
Facebook's vice president of product management Guy Rosen said that they didn't know who was behind the attack or whether any affected accounts had been breached. Due to this, Facebook may have to pay fines of up to $1.63 billion under the European Union's data protection laws.