533 Million Facebook Users’ Personal Data Leaked Online
The Mobile Phone Numbers and Other Personal Information for Approximately 533 Million Facebook Users Worldwide Has Been Leaked on A Popular Hacker Forum for Free.
On Saturday a user from a low-level hacking forum published the phone numbers and personal data of hundreds of millions of Facebook users for free. The data that was leaked includes personal information belonging to over 533 million Facebook users from 106 countries, such as phone numbers, Facebook IDs, full names, locations, birthdates, bios, and email addresses.
It seems that the stolen data first appeared on a hacking community in June 2020 when a member began selling the Facebook data to other members, but what made the leak stand out was the fact that the data contained member information that can be scraped from public profiles and private mobile numbers associated with the accounts.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019”, a Facebook spokesperson told BleepingComputer.
The data is 2 years old but it can still be valuable to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
The leaked data was first discovered in January when a user advertised an automated bot able to provide phone numbers for hundreds of millions of Facebook users for a price.
Included in the data leak are the phone numbers for three of Facebook’s founders – Mark Zuckerberg, Chris Hughes, and Dustin Moskovitz, which are the 4th, 5th, and 6th members first registered on Facebook.
The data set has been posted on the hacking forum for free, making it available to anyone with rudimentary data skills, which means that threat actors can use it to conduct attacks on the people listed in the data leak in phishing attacks using the mobile numbers and leaked info to perform SIM swap attacks and steal multi-factor authentication codes sent via SMS.