A trove of personal data, including full names, phone numbers and emails of a whopping 533 million Facebook users, has reportedly been leaked online. The social media giant downplayed the incident, claiming that the data was “old.”
A huge database that previously circulated privately has now been published on a hacking forum for free, according to Business Insider, which first broke the news. The data dump affects people from 106 countries, including more than 32 million Americans, some 11 million UK citizens and 6 million Indians.
The trove apparently features sensitive information ranging from emails and phone numbers to full names, Facebook IDs and biographies. The outlet verified the authenticity of some of the data by matching phone numbers with the IDs listed in the dataset.
Liz, can you help? I’m still using the same birthdate and it seems like I need to rotate it in light of Facebook’s abysmal security practices, but my state is being uncooperative.
— Pete Holiday (@toomuchpete) April 3, 2021
The social media giant, however, believes there is little reason to worry, since the data appears to be at least several years old and part of a previously reported leak. A Facebook spokesperson, Liz Bourgeois, said on Twitter that the vulnerability that allowed the hackers to obtain the data in the first place was successfully “fixed” back in 2019.
Alon Gal, the cyber security expert who discovered the leaked data, believes that the real situation might not be quite as blissful as the tech giant claims. Gal, Chief Technology Officer at the cybercrime intelligence firm Hudson Rock, said that the data could easily be used by malicious actors to impersonate the real owners in various scams.
All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Gal said.
Gal revealed that he first got on the scent of the stolen data back in January, when another person on the hacking forum was offering phone numbers of hundreds of millions of Facebook users for a certain price.
Was a data breach notification sent to all impacted users? Can’t find any in my inbox and GDPR requires it (at least for your EU customers). It’s not fun to find out 2 years later Facebook leaked to the public something I specifically configured as private.
— Giorgio Bonfiglio (@g_bonfiglio) April 3, 2021
With that data now available “for free,” Facebook should have at least informed the affected users about this “old leak,” to raise their awareness of the danger of potential fraud, Gal added. “Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect… Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”
The news might come as little surprise, since the tech giant, whose business is all about collecting vast amounts of personal data for targeted ads, has repeatedly been plagued by similar leak and hacking scandals in the past.
In December 2018, Facebook was forced to “apologize” after a bug in the company’s software provided third-party apps with access to photos of nearly 7 million people. The incident took place just months after hackers accessed the data of 29 million users.
In May 2019, a database containing details and records of more than 49 million people using the Facebook-owned Instagram was leaked by an Indian marketing company, while in September 2019, some 419 million phone numbers linked to Facebook accounts were left exposed on an unprotected server.