A Las Vegas man called Spam King had faced federal fraud charges for allegedly luring Facebook users to third-party websites and collecting personal data for spam list.
He used to trick people into revealing their login details which he then used to access half a million accounts and used this to send spam to other Facebook users.
He also used to target the users with bogus "friend requests" for distributing spam.
Source: https://www.bbc.com/news/technology-34061931
TPRM report: https://scoringcyber.rankiteo.com/company/facebook
"id": "fac222223422",
"linkid": "facebook",
"type": "Cyber Attack",
"date": "08/2015",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '500,000',
'industry': 'Technology',
'location': 'Global',
'name': 'Facebook',
'size': 'Large',
'type': 'Social Media Platform'}],
'attack_vector': ['Phishing', 'Friend Requests'],
'data_breach': {'number_of_records_exposed': '500,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Data, Login Details'},
'description': 'A Las Vegas man called Spam King faced federal fraud charges '
'for allegedly luring Facebook users to third-party websites '
'and collecting personal data for spam list. He tricked people '
'into revealing their login details which he then used to '
'access half a million accounts and used this to send spam to '
'other Facebook users. He also targeted the users with bogus '
"'friend requests' for distributing spam.",
'impact': {'data_compromised': 'Personal Data, Login Details',
'identity_theft_risk': 'High',
'systems_affected': 'Facebook Accounts'},
'initial_access_broker': {'entry_point': 'Phishing, Friend Requests'},
'motivation': 'Financial Gain, Data Collection',
'post_incident_analysis': {'root_causes': 'Social Engineering'},
'regulatory_compliance': {'legal_actions': 'Federal Fraud Charges'},
'threat_actor': 'Spam King',
'title': 'Spam King Cyber Incident',
'type': 'Phishing, Unauthorized Access, Spam Distribution',
'vulnerability_exploited': 'Social Engineering'}