Cybercriminals are using Meta’s Threads platform as a new marketplace for stolen financial information, including full credit card details, personal information, Social Security numbers, physical addresses, images of cards, and other credentials. The information is being sold for between $3.50 and $65.
Security researchers describe this information as a “treasure trove” for fraudsters, opening the door for phishing, cyberstalking, identity theft, and even real-world stalking.
While Meta has acknowledged this issue, stating that it is actively working to remove such content, some experts argue that the platform’s response lacks urgency, reports The Register.
Researchers have identified at least 15 accounts with substantial followings—some numbering over 12,000 followers—that openly post this sensitive information. Some researchers suspect that Meta’s algorithm may even be promoting these posts, inadvertently encouraging the proliferation of illegal activity across Threads and Instagram.
Cybersecurity experts have also raised concerns about the longevity of these accounts, noting that many have been operational for months without being flagged or removed. They recommend Meta implement automated tools such as Optical Character Recognition (OCR) to identify credit card images and other formats used by cybercriminals.
Moreover, criminals are employing savvy engagement strategies. In one case, a Threads poll invited users to vote on whether specific card numbers “worked fine,” were still functional, or were “declined.” This crowdsource feedback mechanism essentially helps criminals verify the usability of stolen data, underscoring the ingenuity of these bad actors in adapting social media tools for illegal purposes.
As the influence of Telegram in cybercrime diminishes — partly due to recent crackdowns following the arrest of Telegram CEO Pavel Durov — researchers have observed a migration of these activities to other platforms like Threads. Although some criminals have migrated to Threads, they still offer to complete sales on Telegram, reinforcing the platform’s residual role in the cybercrime operation.
In the News: ChatGPT generates harmful codes via hexadecimal prompts: Research
