According to security researcher Alon Gal, 533 million Facebook users have had their phone numbers and personal data leaked on a low-level hacking forum.
“All 533,000,000 Facebook records were just leaked for free,” Alon Gal, Chief Technology Officer at Hudson Rock, a cybercrime intelligence firm based in Israel, wrote on Twitter. “This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data.”
In the meantime, Facebook admitted to online media company Insider that this data was scrapped because of a vulnerability that the company fixed 2 years ago, an answer almost identical to that received by tech publication BleepingComputer. The tech giant referred to the reports as “old news.”
“This is old data that was previously reported on in 2019,” a Facebook spokesperson said. “We found and fixed this issue in August 2019.”
The hack exposes phone numbers, Facebook IDs, full names, locations, birthdates, bios, and email addresses.
The leaked data appears to be genuine and contains the personal information of Facebook users from 106 countries, including phone numbers, Facebook IDs, full names, locations, birthdates, bios, and even email addresses, all of which have been published for free.
“Details include: Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio, “ Gal also confirmed in a tweet. “Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.”
Zuckerberg’s number might be among the leaks
This is not the first time that a significant amount of personal information belonging to Facebook users has been leaked online. Previously, the data of approximately 87 million users have been acquired and used by political consulting firm Cambridge Analytica in what was a clear violation of Facebook’s terms of service. The purpose behind this personal information harvest was to target voters with political ads in the 2016 election and ultimately gave birth to the famous Facebook–Cambridge Analytica data scandal. Following the incident, Facebook reassured that it will take more drastic measures to prevent mass-scrapping.