According to breaking reports and online sources such as security researcher Alon Gal the personal data of around 533 million Facebook users has just been leaked online for free for anyone to access. The data breach has been verified in a recent write-up at Insider.
“The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India,” according to Insider. “It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”
As Jay Peters shared at theverge the 500 million figure may seem familiar and there’s a good reason. You may recall that Motherboard (Vice) reported back in January about a dataset of phone numbers from Facebook available online, posted in a low-level hacking forum. Cybercriminals and hackers share this data between themselves. Also they could easily access and buy portions of it via a relatively basic telegram bot. Worryingly, it appears they are one and the same. Except that now users can get their hands on the dataset info without spending a dime or having any hacking skills.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Facebook shared with the Insider that the reason this data was scraped was because of a vulnerability that was already fixed in 2019. A similar answer was given to Motherboard be the company in January. “This is old data that was previously reported on in 2019,” Facebook told BleepingComputer. “We found and fixed this issue in August 2019.”
The creator of the Have I Been Pwned database, Troy Hunt, said on Saturday that “I haven’t seen anything yet to suggest this breach isn’t legit.” The data reveals around 2.5 million unique email addresses which is still a significant portion. However, the more pressing issue is the phone numbers that are now available fro everybody. The consequences could be far greater you can read what Hunt had to say on the subject.
If you have a few moments to spare, it is advisable to read the entire Twitter thread to find out more about the breach in detail.
I’ve had a heap of queries about this. I’m looking into it and yes, if it’s legit and suitable for @haveibeenpwned it’ll be searchable there shortly. https://t.co/QPLZdXATpt
— Troy Hunt (@troyhunt) April 3, 2021
Fortunately, Hunt didn’t hesitate to upload the email list to his site. So you can already check to see if your email has been compromised in the leaked dataset. As yet, he is still considering adding the phone numbers and making them searchable via his website tool services.
Anna Dovbysh
With 7 years of writing experience and a deep interest in tech, innovations, and all things trending, Anna’s here to shine a light on the most interesting tech stories. Need to know which gadget to choose for your sports activities? Wondering how technology can improve your lifestyle? Want to know what to expect from Apple this year? She’s got all the answers. Subscribe to her posts and share your opinion on the matter!