According to Business Insider, Facebook experienced the largest personal data leak in its history: names, phone numbers, addresses, and other sensitive data of 533 million Facebook users from 106 countries were freely available online.
The personal data of 533 million users of one of the largest social media companies was published on the darknet and made available for free. Alon Gal, the CTO of cybersecurity company Hudson Rock, told Business Insider.
Details include:
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.
Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.
According to the cybersecurity researcher, the database contains phone numbers, names, geolocations, dates of birth, biographical information, and in some cases, even email addresses of users. Gal says fraudsters can use this data to impersonate affected users or trick them into gaining access to their accounts.
He also added that this is not the first time hackers have gained access to the information from this database. It was Gal who first discovered the data breach in January this year, when a user advertised an automated Telegram bot that provided phone numbers of millions of Facebook users for a fee on a hacker forum.
The Internet Protocol
Probably, the same database was leaked this time, but now the data on Facebook users has been made publicly available, and you don't have to pay anything to access the information. According to Alon Gal, attackers are likely to use them to manipulate or attempt hacker attacks.
"This is old data that was previously reported on in 2019," a Facebook spokesman said. "We found and fixed this issue in August 2019."
The Internet Protocol
Elon Gal calculated that the database contains data from users from 106 countries. Most of the users whose personal data hackers got access to are from the USA (more than 32 million), the UK (11 million), and India (6 million).
Full list of affected users by country pic.twitter.com/Wrrzd0WyxE
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
Have I Been Pwned database creator Troy Hunt has already uploaded the leaked email addresses to his service. Thus, users can already check if their personal data has been compromised. Troy Hunt is still considering whether to add leaked phone numbers to the service.
But for spam based on using phone number alone, it's gold. Not just SMS, there are heaps of services that just require a phone number these days and now there's hundreds of millions of them conveniently categorised by country with nice mail merge fields like name and gender.
— Troy Hunt (@troyhunt) April 3, 2021
One of the largest such incidents occurred in 2018, when it became known that the data analysis company Cambridge Analytica, which worked on Donald Trump's presidential campaign, illegally gained access to 87 million Facebook users.
