A user in a low-level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online.
“The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India,” according to sources. “It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”
The list of leaked was first tweeted by Alon Gal, CTO of security firm Hudson Rock, which consisted of affected users categorized by country. According to the data in the list, in the US around 32.3 million affected users and the UK had 11.5 million. The leaked data was accessed using a Telegram bot.
In addition to it, Gal further informed about a database of that size contains private information such as phone numbers of a lot of Facebook’s users that would certainly lead to bad situations if the data is to perform social engineering attacks or hacking attempts. Consequently, the entire dataset has been published on the hacking forum for free, making it broadly attainable by anyone with fundamental data skills.
However, it is not the first time that a large number of Facebook users’ phone numbers have been found exposed online. A vulnerability that was discovered in 2019 released millions of phone numbers to be scraped from Facebook servers in violation of its terms of service. Facebook stated that vulnerability was patched in August 2019.
The tech giant previously vowed to crack down on mass data-scraping after Cambridge Analytica scraped the data of 80 million users in violation of Facebook’s terms of service to target voters with political ads in the 2016 election.
Source: Business Insider