In what is likely a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide was leaked for free on a popular cybercrime forum, which was collected by hackers in 2019. using a Facebook vulnerability.
The leaked data includes full names, Facebook IDs, mobile phone numbers, locations, email addresses, gender, occupation, city, country, broken marital status, account creation date, and other profile details by country, with more than 32 million records belonging to users. in the US, 11 million users in the UK, and 6 million users in India, among others.
In total, the data offered includes information from users from 106 countries. Furthermore, the data appears to have been obtained by exploiting a vulnerability that allowed automated scripts to scrape the public profiles of Facebook users and associated private phone numbers in droves. Since then, Facebook has fixed the flaw.
“This is old data that was previously reported in 2019. We found and fixed this issue in August 2019,” Liz Bourgeois, Facebook’s director of strategic response communications, said in a Saturday tweet.
Old data or not, the fact that the data appears to have been obtained by scraping Facebook profiles further complicates the company’s privacy equation, even as it has emerged relatively unscathed after the Cambridge Analytica data scandal, in which the British consulting firm accumulated the personal data of millions of Facebook users without their consent for political advertising purposes.
While this data dump appears to have been sold in cybercrime communities since at least last year, a Telegram bot that appeared on the scene in early January allowed users to search for a phone number and receive the user’s Facebook ID. corresponding, or vice versa for a fee. .
But with the data now publicly available for free, the leak is likely to allow malicious adversaries to exploit information for social engineering, marketing scams, and other cybercrimes. Users who have shared their phone numbers and email addresses with Facebook and have not changed them since 2019 are advised to be on the lookout for possible smishing attacks, spam calls, and scams.