- The personal data of more than 500 million Facebook users has been posted online on a low-level hacker forum.
- The data includes phone numbers, full names, locations, email addresses, and biographical information.
- Security researchers warn that hackers may use this data to impersonate others and commit fraud.
- Check out more stories on Insider’s business page.
Users in low-level hacker forums posted the phone numbers and personal data of hundreds of millions of Facebook users online for free.
The public data includes personal information of more than 533 million Facebook users from 106 countries/regions, including more than 32 million U.S. user records, 1
Insider reviewed samples of the leaked data and verified several records by matching the phone numbers of known Facebook users with the IDs listed in the data set. We also verify the record by testing the email address from the data set in the Facebook password reset function, which can be used to partially display the user’s phone number.
According to Alon Gal, the chief technology officer of the cybercrime intelligence company Hudson Rock, the leaked data may provide valuable information to cybercriminals who use people’s personal Information to impersonate others or trick them into handing over their login credentials, he first discovered the leaked data on Saturday.
“A large database containing private information (such as the phone numbers of many Facebook users) will certainly lead to bad actors using this data for social engineering attacks. [or] Hacker attempted. “Gal told Insider.
Facebook did not immediately respond to multiple requests for comment.
Gal first discovered the leaked data in January, when in the same hacker forum, a user promoted an automated bot that could provide phone numbers to hundreds of millions of Facebook users in exchange for prices. The motherboard reported the existence of the robot at the time and verified whether the data was legal.
Now, the entire data set has been published on hacker forums for free, making it widely available to anyone with basic data skills.
-Aunder Gal (under the breakthrough) (@UnderTheBreach) April 3, 2021
This is not the first time that a large number of Facebook user phone numbers have been found on the Internet. A vulnerability discovered in 2019 allows the phone numbers of millions of individuals to be scraped from Facebook servers in violation of its terms of service. Facebook stated that the vulnerability was fixed in August 2019.
After Cambridge Analytica deleted the data of 80 million users, Facebook vowed to crack down on large-scale data collection efforts, which violated Facebook’s terms of service and targeted voters with political ads in the 2016 general election.
Gal said that from a security point of view, Facebook cannot take any measures to help users affected by this vulnerability because their data has been made public, but he added that Facebook can notify users so that they can remain vigilant.
Fraud that plans or uses their personal data.
“Individuals who have signed up with well-known companies such as Facebook trust their data and Facebook [is] Gal said: “Data should be treated with the utmost respect. Users who leak their personal information are a serious breach of trust and should take corresponding measures.”