On Saturday, a user in a low-level hacking forum posted the phone numbers and personal information of hundreds of millions of Facebook users online for free.
Data details of over 533 million Facebook users from 106 countries was revealed, including over 32 million records for US users, 11 million for UK users, and 6 million for Indian users.
Before having formed a conclusion, Insider did make cross-checkings for proper evidence of this breach of data by such a renowned tech platform. Records were double checked by putting email addresses from the Facebook password reset data set to the test, which can be used to expose a user’s phone number in part.
According to a Facebook spokesperson, the data was scraped as a result of a flaw that the company patched in 2019.
According to Alon Gal, CTO of cybercrime intelligence company Hudson Rock, who first discovered the entire trough of leaked data online on Saturday, the leaked data may provide useful information to the hackers over the internet , creating threat for the people whose data is at stake.
Gal first learned about the data leak in January, when another user on the same hacking forum advertised an automated bot that could supply phone numbers for hundreds of millions of Facebook users for a fee. At the time, Motherboard posted on the bot’s life and confirmed that the data was correct.
The entire dataset has now been made freely available on the hacking forum, making it accessible to everyone with rudimentary data skills.
Insider tried to contact the leaker via Telegram but did not receive a response.
If we go back in time, we would realise this isn’t the first time with Facebook. In violation of Facebook’s terms of service, a vulnerability discovered in 2019 enabled millions of people’s phone numbers to be scraped from its servers. The vulnerability was fixed in August of this year, according to Facebook.
After Cambridge Analytica scraped the data of 80 million users in breach of Facebook’s terms of service to target voters with political advertising during the 2016 election, Facebook pledged to crack down on mass data-scraping.
From a security standpoint, Gal said there’s not much Facebook can do to protect users affected by the breach because their data is already out in the open – but he added that Facebook might warn users so they can be on the lookout for phishing attempts or fraud involving their personal details.