The personal data of more than 500 million Facebook users were published on a low-level online hacking forum for free on Saturday, according to a recent report.
The exposed data has personal information of 533 million Facebook users from 106 countries, which includes details such as phone numbers, Facebook IDs, full names, locations, past locations, birth dates, and in some cases email addresses, account creation date, relationship status, bio.
At least data of over 32 million records on users in the U.S., 11 million records on users in the UK, and 6 million records on users in India are included in this leak.
The leaked data was first discovered by Alon Gal, Chief Technology Officer of cybercrime intelligence firm, Hudson Rock in January 2021. At the time, a user in the same hacking forum was selling an automated bot that could provide phone numbers for hundreds of millions of Facebook users in exchange for a price.
Back then, Gal had blown the whistle on this and had tweeted, “In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries. It was severely under-reported and today the database became much more worrisome.”
He had further added, “Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts. This obviously has a huge impact on privacy.”
Now, this very same entire database, which was previously accessible via a Telegram bot, has been posted on the hacking forum for free, allowing access to anyone with basic data skills.
“All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for that account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data,” Gal wrote in a tweet on Saturday.
According to him, bad actors are most likely to use the exposed private information such as phone numbers of Facebook users for social engineering, scamming, hacking, and marketing.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
In an emailed statement on Saturday afternoon, Facebook acknowledged the news but said the data was retrieved during a breach in 2019.
“This is old data that was previously reported on in 2019,” a Facebook spokesperson said. “We found and fixed this issue in August 2019.”
Although a couple of years old, Gal pointed that the exposure has allowed hackers to view phone numbers and other personal information of Facebook users.
“Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect,” he added. “Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”
This is not the first time Facebook has its users’ data leaked online. In 2019, data of 419 million Facebook and 49 million Instagram users were exposed in databases online. In the same year, the social media giant also suffered another data breach where data of 267 million users was exposed.