Personal info of 533 million Facebook users has been reportedly posted to a site for hackers and this information consists of names, phone numbers, and birth dates. According to the information security experts, this information is going to be utilized for cybercrimes by some bad actors.
One can gain access to this info on a hacking forum for free and this makes it widely accessible to anybody having rudimentary data expertise. Several records were verified by the publication by matching down the phone numbers of the Facebook users with the IDs listed, and other records were confirmed by verifying email addresses from Facebook’s password reset feature data set that can be used for revealing the phone number of a user partially.
This particular data set consists of information of more than 500 million users from as many as 106 nations as per Business Insider. This data which seems to be quite a few years old had been first invented by Alon Gal who happens to be the CTO of cybercrime intelligence company Hudson Rock.
According to Business Insider, this exposed information comprises personal info of more than 500 million users of Facebook from 106 nations which includes more than 32 million records on the US users, 12 million records on the UK users, as well as 6 million records on Indian users. It consisted of their Facebook IDs, phone numbers, full names, dates, locations, bios, and on some occasions email addresses.
It is a fact that the 533 million number might appear to be familiar to you since this info is apparently identical to the data set which individuals might pay for parts of employing a Telegram bot which was reported by Motherboard in January. However, now it seems that individuals who like to get their hands on the information will not need to pay anything whatsoever.
It was reported by Facebook to Insider that this information had been scraped due to a vulnerability which it resolved in 2019. An identical answer was provided by the company in January to Motherboard. Facebook mentioned that this old information had been previously reported on in the year 2019. Facebook further added that they discovered and resolved this problem in August 2019.
According to Troy Hunt, the developer of the Have I Been Pwned database, he has not yet seen anything to recommend this breach not to be legitimate. He found just 2.5 million email addresses in that particular data; however, apparently, the most significant impact happens to be the phone numbers. In the words of Hunt, it may suggest like this:
It is absolutely gold except for the spam based on employing phone numbers alone. There are lots of services which simply need a phone number at present apart from SMS, and you will come across lots of them categorized conveniently by country with excellent mail merge fields such as gender and name.
The leaked email addresses have already been loaded by Hunt into Have I Been Pwned which indicates that it will be possible for you to verify whether yours had been included as a part of this dataset. Hunt is nevertheless considering whether to make the phone numbers which have been leaked available by means of the service.
Although Facebook did not respond to any request for comment immediately, a spokesman tweeted that this information was actually from an old leak.
How did Facebook make a response to the leak?
It is a fact that the significance of this leak has been downplayed by Facebook. According to Liz Bourgeois, the Facebook spokesperson, this happens to be old information which was reported on in the year 2019 previously. This issue was discovered and fixed by them in August 2019. In spite of its age, it was possible for this data set to provide better info for identifying scammers and thieves out there.
Gal mentioned in a tweet recently that this information will definitely be used by the bad actors for hacking, marketing, scamming, and social engineering. He further added that databases, particularly if they happen to be rare or large, are not easily shared right away since the individuals holding it will try to monetize it as far as possible. This process can take years on some occasions; however, ultimately all private databases are going to leak in case they had been sold around.
The business model of Facebook has been threatened by data leaks in terms of accumulating a large amount of personal info and employing that for selling targeted advertisements.
Has the user data of Facebook been leaked previously?
It is a fact that Facebook has struggled with security as well as privacy mishaps during the last few years. In the year 2019, it was discovered by a security researcher that a trove of information which could be accessed by anybody online contained in excess of 267 million phone numbers, user IDs, and names of Facebook users.
Previously in the year 2019, it was found by the security researchers that in excess of 540 million records of Facebook users which consisted of likes and comments were present in a public database in the cloud servers of Amazon. Later that particular year, a server was reported by TechCrunch that consisted of a number of databases packed with in excess of 419 million records of Facebook users from the UK, the US, and Vietnam.
In the year 2018, it had been revealed that Cambridge Analytica, a political consulting company in the UK, had accumulated the personal information of millions of users of Facebook. Facebook had been fined $5 billion in July 2019 for violating data privacy by the US Federal Trade Commission. Previously, Facebook made a vow to crack down on data scraping after the information of 80 million Facebook users had been scraped by Cambridge Analytica.
According to Gal, there is not much that can be done by Facebook for helping the users who have been affected by this breach from a security standpoint since the information is already leaked; however, it was added by him that users could be notified by Facebook such that they would remain vigilant for any feasible phishing schemes making use of their personal information.