A low-level hacking forum has published the personal data of 533 million Facebook users. The data comes from people in 106 countries, including 32 million US users.
Security researcher Alon Gal pointed out the leak, which is the result of a Facebook vulnerability patched in 2019. The information went up for sale on a dark cybercrime forum last January, when potential buyers could look up details in the database using a Telegram bot. Now the entire trove is available for free.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
“The exposed data includes personal data of 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India,” writes Insider. “It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”
A spokesperson matched Facebook users’ phone numbers with the IDs listed in the data set and confirmed the records. Records were also checked by testing email addresses in Facebook’s password reset tool, which can partially reveal a user’s phone number. The information only goes up to 2019, but many users keep the same phone number for years.
So what's the impact? For a targeted attack where you know someone's name and country, it's great for mobile phone lookup. Much harder to do en masse as there's no reliable key; I couldn't take a big list of emails and resolve them to phone numbers as email is rare in the data.
— Troy Hunt (@troyhunt) April 3, 2021
Troy Hunt, the creator of Have I Been Pwned, found 2.5 million unique email addresses in the data set. Users’ phone numbers are the most appealing element for hackers and scammers: they can be used for everything from SMS spam to signing up for services, Hunt said. If you want to know whether your information was part of the breach, visit Hunt’s page.