An anonymous reader shares a report: Threat actors are selling over 267 million Facebook profiles for $623 on dark web sites and hacker forums. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials. Last month, security researcher Bob Diachenko discovered an open Elasticsearch database that contained a little over 267 million Facebook records, with most being users from the United States. For many of these records, they contained a user’s full name, their phone number, and a unique Facebook ID. The ISP hosting the database eventually took the server offline after being contacted by Diachenko.