[ad_1]
A security researcher discovered that more than 550 million Facebook profile data is freely available on an Internet forum. The leaker was offering user details such as phone number, full name, location, email, among others.
The information is from the American website “Insider”, which published about the data set discovered by security researcher Alon Gal on Saturday (3). Facebook says the information comes from a 2019 leak.
In total, there is data from 553 million Facebook users from 106 countries. The countries with the most information in the database are: Egypt (44 million), USA (32 million), Colombia (17.9 million), Algeria (11.5 million), United Kingdom (11 million), Spain (10 million) and Brazil (8 million).
In total, 9 types of information are available on the forum:
- Facebook ID (code that identifies each person on the social network);
- Facebook account creation date;
- Civil status;
- Phone number;
- Full name;
- Location;
- Date of birth;
- Bioinformation;
- Email addresses (in some cases).
The “Insider” managed to verify the veracity of part of the data, and they matched those of real profiles of the social network. However, doubts remain as to whether this information is recent or not.
The news agency “Reuters” points out that this information is probably old, the result of a leak that was reported in January this year by the North American website “Motherboard”. The difference is that at that time access to information was charged. Now, according to an “Insider” report, everything is available for free.
In a statement sent to Inclination, Facebook reported that “this data is old and was reported in 2019, the result of a vulnerability that we found and corrected in August of that year.”
What’s wrong with leaking this data?
Regardless of whether they are old or not, cybercriminals can use legitimate information about this leak to try to steal people’s social media accounts.
The “Insider”, for example, tested Facebook’s password reset feature. For that, it was enough to use one of the emails, notify that they had forgotten it and the social network showed part of the person’s phone number – before resetting a password, the platform sends a verification code and indicates part of the registered number . .
This information could also be used in social engineering scams: knowing your name and phone number, for example, a cybercriminal could try to obtain banking information from victims. Or just use this data for marketing campaigns – victims might be patient with unsolicited calls or messages.
If you want more information on what to do when you’ve leaked information, we have a guide that explains how to proceed.
