According to security researcher Alon Gal, personal data from 533 million Facebook accounts was reportedly leaked online for free. Insider reports that several of the leaked records have been verified.
“The public data includes personal information of more than 533 million Facebook users from 106 countries/regions, including more than 32 million U.S. user records, 11 million U.K. user records, and 6 million Indian user records,” Insider said. “It includes their phone number, Facebook ID, full name, location, birthday, resume, and in some cases email address.”
If the 533 million figure sounds familiar, it’s because this information clearly comes from the same data set that people could pay for portions of through a Telegram bot, as Motherboard reported in January. However, it now appears that those who want to get hold of the data do not have to pay anything at all.
Phone number, Facebook ID, full name, location, past location, birthday, (sometimes) email address, account creation date, relationship status, resume.
Bad actors will definitely use this information for social engineering, fraud, hacking, and marketing.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Facebook tells Insider that the data was scraped due to a bug that was fixed in 2019. The company told Motherboard the same in January. “This is old data previously reported in 2019,” Facebook told BleepingComputer. “We discovered and fixed this issue in August 2019.” Facebook has not yet responded to a request for comment from The Verge.
Have I Been Pwned creator Troy Hunt said on Saturday: “I have not found any information suggesting that this violation is legal.” In the data, he found only about 2.5 million unique email addresses (which is still a lot!), but obviously, “the biggest influence here is the phone number.” In Hunt’s words, here is what this might mean:
But for spam based solely on phone numbers, it is gold. Not only SMS, there are now a large number of services that only require a phone number, and now there are hundreds of millions of services that can be easily categorized by country/region, and have good mail merge fields such as name and gender.
-Troy Hunt (@troyhunt) April 3, 2021
If you can, I strongly recommend that you take a few minutes to read Hunt’s full Twitter thread to understand the breach.
Hunt has loaded the leaked email addresses into Have I Been Pwned, which means you can check whether your email address is included in the data set. He is still considering whether to offer the leaked phone numbers through the service.
Can I search for FB phone number in @haveibeenpwned? I am considering the pros and cons between the value it adds to the affected people and the risks it brings. If it is used to help resolve numbers into identities (you still need source data to do this), then I will consider the risks.
-Troy Hunt (@troyhunt) April 4, 2021