- The personal data of more than 500 million Facebook users has been posted online in a low-level hacking forum.
- The data includes phone numbers, full names, location, e-mail address and biographical information.
- Security researchers warn that the data can be used by hackers to impersonate people and commit fraud.
- See more stories on the Insider business page.
A user on a low-level hacking forum posted the phone numbers and personal details of hundreds of millions of Facebook users for free online.
The exposed data includes personal information of more than 533 million Facebook users from 106 countries, including more than 32 million user records in the United States, 11 million users in the United Kingdom and 6 million users in India. It includes your phone numbers, Facebook IDs, full names, locations, dates of birth, biographies and – in some cases – email addresses.
Insider analyzed a sample of the leaked data and checked several records by comparing the phone numbers of known Facebook users with the IDs listed in the data set. We also checked the logs by testing email addresses from the dataset on Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.
The leaked data can provide valuable information to cybercriminals who use people’s personal information to impersonate them or trick them into handing login credentials, according to Alon Gal, CTO of the cyber crime intelligence firm Hudson Rock, what first discovered the leaked data on Saturday.
“A database of this size containing private information, such as the phone numbers of many Facebook users, would certainly lead to criminals taking advantage of the data to carry out social engineering attacks. [or] hacking attempts, “Gal told Insider.
Facebook did not immediately respond to several requests for comment.
Gal discovered the leaked data in January, when a user on the same hacker forum announced an automated bot that could provide phone numbers to hundreds of millions of Facebook users in exchange for a price. Motherboard reported the existence of that bot at the time and verified that the data was legitimate.
The entire data set has now been posted to the hacker forum for free, making it widely available to anyone with rudimentary data skills.
—Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
It is not the first time that a large number of phone numbers of Facebook users have been found exposed online. A vulnerability discovered in 2019 allowed millions of people’s phone numbers to be stolen from Facebook’s servers, violating their terms of service. Facebook said the vulnerability was fixed in August 2019.
Facebook had already promised to crack down on mass data collection after Cambridge Analytica stole data from 80 million users in violation of Facebook’s terms of service to target voters with political ads in the 2016 elections.
Gal said that, from a security standpoint, there is not much that Facebook can do to help users affected by the breach, since their data is already open – but added that Facebook can notify users so they can remain vigilant as possible
phishing
scams or fraud with your personal data.
“Individuals who sign up for a reputable company like Facebook are trusting their data and Facebook [is] supposedly to treat the data with the utmost respect, “said Gal.” Users who have their personal information leaked are a major breach of trust and should be treated accordingly. “