A user on a low-level hacking forum posted the phone numbers and personal details of hundreds of millions of Facebook users online for free. The exposed data includes the personal information of more than 533 million Facebook users in 106 countries, including more than 32 million records about users in the United States, 11 million about users in the United Kingdom and 6 million about users in India. The records include phone numbers, Facebook IDs, full names, places of residence, dates of birth, biographies, and in some cases, email addresses.
Insider examined a sample of the leaked data and verified multiple records by matching the phone numbers of known Facebook users with the IDs listed in the dataset. Insider also verified records by testing email addresses from the dataset in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.
According to Alon Gal, technical director of the cybercrime intelligence firm Hudson Rock, who discovered the leak on Saturday, the data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or trick them into providing their login credentials.
“A database of this size containing private information, such as the phone numbers of a large number of Facebook users, would certainly encourage criminals to take advantage of this data to carry out social engineering attacks [or] hacking attempts,” Alon Gal told Insider.
Facebook did not immediately respond to multiple requests for comment.
The leak of this data was reported last January.
Alon Gal discovered the data leak in January when a user on the same hacking forum announced an automated bot that could provide the phone numbers of hundreds of millions of Facebook users in exchange for money. Motherboard reported the existence of this bot at the time and verified that the data was correct.
Today, the dataset has been posted for free on the hacking forum, making it widely accessible to anyone with rudimentary data knowledge.
This is not the first time that a significant number of Facebook users’ phone numbers have been exposed online. A vulnerability discovered in 2019 made it possible to retrieve the phone numbers of millions of people from Facebook’s servers, in violation of its terms of service. Facebook said that this vulnerability was fixed in August 2019.
In the past, the California giant had promised to crack down on massive data breaches after Cambridge Analytica collected data from 80 million users in violation of Facebook’s terms of service to target voters with political ads in the 2016 election.
Alon Gal said that from a security perspective, there is little Facebook can do to help users affected by the vulnerability, as their data is already exposed, but added that Facebook could warn users to remain on the lookout for possible phishing or fraud operations using their personal data.
“People who sign up with a reputable company like Facebook trust their data and Facebook is supposed to treat that data with the utmost respect,” said Alon Gal. “The fact that users see their personal information being leaked is a major breach of trust and should be dealt with accordingly.”
Original version: Aaron Holmes / Insider