According to a security analyst, the confidential personal information of more than half a billion Facebook users leaked into a well-trafficked hacking forum earlier today – a potential risk for millions of cryptocurrency traders and hodlers who may now be vulnerable The exchange of simulation and other identity-based attacks.
The information treasure was first discovered by Alon Gal, CTO of security firm Hudson Rock, who posted on Twitter about the leak today:
All 533 million Facebook records were leaked for free.
This means that if you have a Facebook account, it is extremely likely that the phone number used for the account has been leaked.
I have yet to see Facebook recognizing this absolute neglect of its data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
– Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
According to Gal, the leak is related to a security vulnerability first discovered in 2019. In January 2021, it was learned that hackers were able to use the information to access users’ phone numbers; the leak has now expanded to include “phone number, Facebook ID, full name, location, previous location, date of birth, (sometimes) email address, account creation date, relationship status, bio. “
According to Gal, the information can now allow hackers and scammers to implement a variety of social manipulation exploits and other nefarious practices:
“Evildoers will certainly use the information for social engineering, scams, hacking and marketing.”
Cryptocurrency users are at particular risk from such attacks. Earlier this year, a victim of a simulation exchange attack sued the mobile phone company T-Mobile for $ 450,000, and in 2018, Kaspersky Labs found that hackers managed to steal 21,000 ETH, currently valued at more than US $ 43 million, in social engineering attacks over more than 12 month period.
The data breach is also orders of magnitude greater than the Ledger breach last year. Shortly after more than 270,000 user information was leaked online, users reported extortion threats and considered lawsuits against the hardware portfolio company.