In a major privacy breach, personal data of close to 533 million Facebook users from 106 countries have allegedly been posted online for free on low level hacking forums.
According to Business Insider, which reviewed and verified several records, the leaked personal information includes phone numbers, Facebook IDs, locations, birthdates, full names, bios and even email addresses in some cases.
In India, records of around 6 million users were posted online. Apart from this over 32 million and 11 million records were found to be on users in the US and UK, respectively.
Facebook data leak: What happened?
The latest set of leaked data was scraped due to a vulnerability that Facebook patched in 2019. Alon Gal, CTO of cybercrime intelligence firm Hudson Rock revealed in a tweet that all 533,000,000 records exploited due to a vulnerability that enabled seeing the phone number linked to the Facebook account were leaked for free.
This means that the leaked personal information of over 533 million Facebook users is out there and can be exploited by hackers to perform hacking attempts or social engineering attacks, Gal told Insider. Perhaps one of the biggest concerns is that it allows users to search for a Facebook user’s phone number.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
However, do note that Facebook has not released an official statement yet and it is unclear if the data of users have been exploited.
Though the data is slightly older, a lot of it still remains relevant given there is not a high chance that users don’t change their email id or phone number associated with their account every year.
To reiterate, the data leak can be traced back to 2019. However, the social media giant said at that time that it had patched the vulnerability. The data was sold on Telegram for free of $20 per search in 2019, allowing people to find phone numbers linked with Facebook accounts. It was leaked again in January 2021.