Remember that I talked about the stampede of Whatsapp users to other messenger platforms and the risk that can be beyond accepting Whatsapp's new privacy policies and also using Whatsapp Pay?!
Well, take a close look at this information, the exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million user records in the US, 11 million users in the UK and 6 million users in India. It includes their phone numbers, Facebook IDs, full names, locations, birth dates, bios, and - in some cases - email addresses.
The most common Facebook scams and how to prevent them
Facebook: Leaks and insecurity
The leaked data was analyzed and several records were found to be comparing the phone numbers of known Facebook users with the IDs listed in the dataset. We also verified the logs by testing email addresses from the dataset in Facebook's password reset feature, which can be used to partially reveal a user's phone number.
A Facebook spokesperson said such data was captured due to a vulnerability the company patched in 2019. As of a few years ago, the leaked data could provide valuable information to cybercriminals who use people's personal information to impersonate them. or trick them into handing over login credentials, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, which discovered the leaked data online Saturday.
"A database of this size containing the private information, such as phone numbers of many Facebook users, would certainly lead to bad actors taking advantage of the data to carry out social engineering attacks [or] hacking attempts," said Alon Gal.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely that the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
He discovered the leaked data in January, when a user on the same hacking forum announced an automated bot that could provide phone numbers to hundreds of millions of Facebook users as long as the interested party paid for it. Now the entire dataset has been posted to the hacking forum for free, making it widely available to anyone with rudimentary data skills.
This is not the first time that large numbers of Facebook users' phone numbers have been found exposed online. The vulnerability discovered in 2019 allowed millions of people's phone numbers to be stolen from Facebook's servers, violating its terms of service. Facebook said the vulnerability was patched in August 2019, but it appears that data has been circulating freely since 2019.
Facebook had previously vowed to crack down on mass data collection after Cambridge Analytica stole the data of 80 million users in violation of Facebook's terms of service to target voters with political ads in the 2016 election.
Alon Gal said that from a security standpoint, there is not much Facebook can do to help users affected by the breach as their data has already been exposed, but added that Facebook can notify users so they can remain vigilant for possible phishing and scams or fraud with your personal data.
"Individuals who sign up with a reputable company like Facebook are trusting their data and Facebook [must] treat the data with the utmost respect," Gal said. "Users having their personal information leaked is a major breach of trust and should be treated accordingly."
