Alon Gal, the chief technology officer of the cyber intelligence company Hudson Rock, said there are more than 32 million accounts in the US, 11 million in the UK, and 6 million in India. Records.
He said that in some cases, the details include full name, location, birthday, email address, phone number and relative status.
Hudson Rock showed CNN Business the phone numbers of two senior staff members contained in the database.
The vulnerability was originally reported by the news website Insider.
Facebook spokesperson Andy Stone told CNN on Saturday: “This is old data previously reported in 2019. We discovered and fixed this issue in August 2019.”
Facebook did not disclose at the time whether to notify affected users.
Stone added: “In 2019, we removed the feature that people use their phone numbers to find other people directly on Facebook and Instagram-you can use complex software codes to take advantage of this feature to imitate Facebook and provide phone numbers to Find the user to which it belongs.”
Although the data is from 2019, it may still be valuable to hackers and cybercriminals who engage in identity theft.
Alon Gal of Hudson Rock pointed out on Twitter that the way the data was classified and posted to hacker websites this week made it easier for criminals to exploit it.
Ethical hacker and SocialProof Security CEO Rachel Tobac (Rachel Tobac) told CNN: “These are data that cybercriminals spend a lot of time searching for social engineering attacks (a type of hacking), but now they are all Concentrated in one place, easy to access in this leak, which makes social engineering faster and easier.”