Security researchers recently discovered a Facebook scam that compromised 13 million records of 150,000 to 200,000 users between June-September 2020. Scammers tricked Facebook users into inputting their login credentials on a spoofed website that promised to show a list of people who had visited their profiles. The scammers would subsequently use these credentials to take over the victims’ accounts and post a set of fake Bitcoin websites on their profiles. The 5.5GB of harvested data, which was stored unencrypted on an Elasticsearch database, included Facebook usernames and passwords, emails, and phone numbers, among other Personally Identifiable Information (PII).