Personal information of 533 million Facebook users worldwide was just leaked in a ‘low-level’ hacking forum. The amount of data covers 106 countries overall and for the Philippines, it has info of 879,699 users.
It was first seen by Alon Gal, CTO of Hudson Rock – a cybercrime intelligence firm. Back in early 2020, he saw in the same hacking forum about a vulnerability that allowed seeing the phone number linked to every FB account. Back then the info has a price and his discovery didn’t gain any traction in the news media. Now, things have progressed as the free leak includes phone numbers, Facebook IDs, full names, locations, birthdates, and at times even email addresses, account creation date, and relationship status.
A Facebook representative spoke with Business Insider (BI) and said that the breach stems from a vulnerability from 2019 that they have since patched. Still, with the nature of information being semi-permanent (how often do you change your full name in FB, right?), it still places the compromised users into huge vulnerability. As BI notes, they have verified a sample of the data by ‘matching known Facebook user’s phone numbers with the IDs listed in the data set.’ They also tested email addresses by using FB’s password reset feature, which partially reveals the user’s phone numbers.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Gal said to Business Insider.
This was not the first time a breach of this degree happened in Facebook. Back in September 2019, TechCrunch reported about the leak of 400m plus users across the world, revealing their Facebook ID and phone number. Zuckerberg also faced heat when Cambridge Analytica was able to get info of 80 million users in the US and use it for targeting political ads during the 2016 election.