According to reports, the personal data of 533 million Facebook users has been posted online, with data including full names, locations, email addresses, phone numbers and biographical information available for free.
“The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses,” Business Insider reported.
“Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set,” the report continued. “We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.”
According to a Facebook spokesperson, the data was scraped due to a vulnerability that was fixed in 2019. The data was previously leaked, and has now been made widely available.
Liz Bourgeois, who works in Facebook’s Communications department, and lists “formerly @TheDemocrats and @SpeakerPelosi” in her Twitter bio, tweeted on Saturday, “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”
This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019. https://t.co/mPCttLkjzE
— Liz Bourgeois (@Liz_Shepherd) April 3, 2021
“While a couple of years old, the leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first discovered the entire trough of leaked data online on Saturday,” Business Insider added.
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,” tweeted Alon Gal, the co-founder of an Israeli cybercrime intelligence company called Hudson Rock, who flagged the release of the Facebook data Saturday, according to The Washington Post.
“Social engineering involves getting access to people’s confidential information by gaining their trust rather than overcoming technical barriers — for example, by impersonating a tech support person,” the Post added.
“This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked,” Gal tweeted. “I have yet to see Facebook acknowledging this absolute negligence of your data.”
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
The Federal Trade Commission fined Facebook $5 billion in 2019 for allegedly misleading users about how their personal information was being accessed by third parties, including advertisers. “Facebook did not have to admit guilt, but its settlement with the government included what was the largest privacy violation fine in American history,” the Post notes.