Data of over 553 million Facebook users were made public on Saturday. The data was exposed for free by a hacker in a hacking forum and included details like phone numbers and other personal data. Personal information of millions of users from across 106 countries, including India, were exposed.
The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and – in some cases – email addresses.
A Facebook spokesperson said that the leaked data was scraped due to a vulnerability that the company patched in 2019. A vulnerability was discovered in 2019 that allowed phone numbers of millions of users to be scraped from Facebook servers. The social media giant said that the vulnerability was patched in August 2019.
While a couple of years old, the leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first discovered the entire trough of leaked data online on Saturday.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks or hacking attempts,” said Gal to the news site.
Some of the data appeared to be current, while some of the leaked phone numbers belong to owners of Facebook accounts.
The data leak was first discovered by Gal in January when a user in the same hacking forum advertised an automated bot that could provide phone numbers of millions of Facebook users in exchange for a price. Now the entire dataset has been posted online for free, making it easy for anyone with basic data skills to access.
According to Gal, there is not much that Facebook could do at this point except for informing users that their data is out in the open so that users could remain vigilant in the future.
Gal said that individuals who have signed up for a reputable company like Facebook are trusting them with their data and Facebook is supposed to treat them with utmost respect. Leak of user information is a huge breach of trust and must be handled accordingly, he said.