Over 533 million Facebook users fall victim to hacking
A hacker has reportedly published their phone numbers, stole their personal dataEuropost
At the end of last week, a user in a low-level hacking forum posted the phone numbers and the personal data of 533 million Facebook users for free. The exposed data includes the personal information of users from 106 countries, including more than 32 million records on users in the United States, 11 million on users in the UK, and 6 million on users in India.
The hacking included Facebook IDs, phone numbers, locations, full names, bios, birthdates, and email addresses.
Business Insider reviewed a sample of the leaked data and verified the records by matching known Facebook users' phone numbers with the IDs that are listed in the data set. The publication also verified records by testing the email addresses from the data set in Facebook's password reset feature, which can be used to reveal the phone number of the Facebook user.
A Facebook spokesperson told Business Insider that the data was scrapped because of a vulnerability that Facebook patched back in 2019. But the fact that the data seems to have been obtained through scraping is bound to shake some nerves at the Facebook headquarters, which has faced outrage over scraping incidents in the past.
According to Gizmodo, the most infamous scraping incident has been the Cambridge Analytica scandal, in which the analytics firm harvested user data of millions of users without their consent and used it to predict and to influence the users at the polls.
The director of strategic response communications at Facebook, Liz Bourgeois, posted then on Twitter on 3 April that this is old data that was previously reported on in 2019. She said that they found and fixed the issue back in August 2019.
Even if it's true and the information is a couple of years old, the leaked data could give valuable information to cybercriminals who use people's personal information to impersonate them or to scam them into handing over login credentials, as per Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who discovered the whole trough of leaked data online.
Gal told Business Insider that the database of that size containing the private information like phone numbers of a lot of Facebook's users would definitely lead to people taking advantage of the data to perform social engineering attacks or hacking attempts.
Gal first discovered the leaked data back in January when a user in the same hacking forum advertised an automated bot that could give phone numbers of Facebook users in exchange for a certain amount of money. The Motherboard reported on that bot's existence at the time and verified that the data was real. The whole dataset has been posted on the hacking forum for free, making it available to anyone with rudimentary data skills.
Cybersecurity experts stated that there is not much that Facebook can do to help users at this point since the data is already out there besides letting them know that it happened and telling them to be careful of scams.
But there are still some questions that are unanswered. Will Facebook do more to protect the users? Even if the data is from 2019, it is still dangerous for Facebook users.