- The personal data of more than 500 million Facebook users has been posted online on a low-level hacking forum.
- The data includes phone numbers, full names, location, email address, and biographical information.
- Security researchers warn that hackers could use the data to impersonate people and commit fraud.
A user on a low-level hacking forum posted the phone numbers and personal details of hundreds of millions of Facebook users for free online on Saturday.
The exposed data includes personal information from more than 533 million Facebook users from 106 countries, including more than 32 million user records in the US, 11 million users in the UK, and 6 million users in India. It includes their phone numbers, Facebook IDs, full names, locations, dates of birth, biographies, and in some cases, email addresses.
Insider reviewed a sample of the leaked data and verified multiple records by matching the phone numbers of known Facebook users to the IDs listed in the dataset. We also verified records by testing the email addresses from the dataset in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number. A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.
While it’s a couple of years old, the leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into providing login credentials, according to Alon Gal, chief technology officer at cybercrime intelligence firm Hudson Rock, who first discovered the entire leaked dataset online on Saturday.
“A database of that size that contains private information, such as the phone numbers of many of Facebook’s users, would certainly lead to bad actors taking advantage of the data to carry out social engineering attacks [or] hacking attempts,” Gal told Insider.
Gal first discovered the leaked data in January when a user on the same hacking forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users for a price. Motherboard reported the existence of that bot at the time and verified that the data was legitimate.
Now the entire dataset has been posted to the hacking forum for free, making it widely available to anyone with basic data knowledge.
- Alon Gal (Under the Breach) (@UnderTheBreach), April 3, 2021
Insider tried to reach the leaker through the Telegram messaging app, but got no response.
This is not the first time that a large number of Facebook users’ phone numbers have been exposed online. The vulnerability that was discovered in 2019 allowed the phone numbers of millions of people to be scraped from Facebook’s servers in violation of its terms of service. Facebook said the vulnerability was fixed in August 2019.
Facebook previously promised to crack down on massive data scraping after Cambridge Analytica scraped the data of 80 million users in violation of Facebook’s terms of service to target voters with political ads in the 2016 election.
Gal said that from a security point of view, there is not much Facebook can do to help users affected by the breach as their data is already out in the open, but added that Facebook could notify users so that they can remain vigilant for possible phishing or fraud schemes using their personal data.
“People who register with a reputable company like Facebook trust them with their data and Facebook [is] supposed to treat the data with the utmost respect,” said Gal. “Users having their personal information leaked is a major breach of trust and should be handled accordingly.”