There are records for more than 32 million accounts in the United States, 11 million in the United Kingdom and 6 million in India, according to Alon Gal, CTO of cyber intelligence firm Hudson Rock.
Details in some cases include full name, location, birthday, email addresses, phone number and relationship status, he said.
Hudson Rock showed CNN Business the phone numbers of two of our senior employees that are included in the database.
The leak was first reported by the news site Insider.
“These are old data that were previously reported in 2019. We found and fixed this problem in August 2019,” Facebook spokesman Andy Stone told CNN on Saturday.
Facebook did not say whether it notified affected users at the time.
Stone added: “In 2019, we removed people’s ability to find other people directly using their phone number on Facebook and Instagram – a function that could be exploited using sophisticated software code, to mimic Facebook and provide a number of phone to find which users they belonged to. ”
Although this data is from 2019, it can still be valuable to hackers and cybercriminals, such as those who commit identity theft.
Hudson Rock’s Alon Gal pointed out on Twitter that the way the data was classified and posted on the hacker site this week makes it much more accessible for criminals to exploit.
Rachel Tobac, an ethical hacker and CEO of SocialProof Security, told CNN: “These are the pieces of data that cyber criminals spend time looking for to carry out social engineering attacks (a type of hacking) – but now they are all in one. place and easily accessible in this leak, which makes social engineering faster and easier. “
