Personal data of over 533 million Facebook users from more than 100 countries, including over 6 million (60 lakh) records on users in India, has reportedly leaked online. The breach, which may be the biggest in the history of the social media giant, is said to include phone numbers, Facebook IDs and bios, full names, birth dates, locations, and even email addresses in some cases.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Alon Gal, who is the CTO of cybercrime intelligence firm Hudson Rock, spotted the leak on Saturday, and reported his findings on Twitter. Gal is notably the same researcher who had blown the whistle on what appears to be the same leaked database previously accessible via a Telegram bot in January. While back then, the person behind the bot was selling the leaked data to those who were willing to pay for it, the difference this time is that all this data is now available for free in a low-level hacking forum.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Gal was quoted by Business Insider as saying. Facebook was not available for comment.
The database is said to have leaked in the aftermath of a vulnerability that Facebook had patched in 2019. But few people change their phone numbers often, so the accuracy of the data could be very high. While in the past this data was being sold through a Telegram bot, at $20 for a phone number or Facebook user ID or $5,000 in bulk, it is now widely available for anyone with some degree of technical know-how to exploit.
This is not the first time that Facebook has been caught out over a data leak. In 2019, data of 419 million Facebook and 49 million Instagram users was exposed in databases online. In the same year, it faced another data breach that left data of 267 million users exposed. Before that, there was the infamous Cambridge Analytica scandal, which was perhaps the first time Mark Zuckerberg’s company had come under scrutiny for its data collection practices.