According to a report Number of Facebook Users from Business Insider on Saturday, users on a hacker forum have posted the number of Facebook users personal data online for free. The public data includes the personal information of more than 533 million Numbers of Facebook users from 106 countries/regions, including more than 32 million U.S. user records, 11 million U.K. user records, and 6 million Indian user records. It includes their phone number, Facebook ID, full name, location, birthday, resume, and in some cases email address.
A large amount of information appears to be the result of a security breach that allowed the scraping of user information, including phone numbers, from Facebook’s huge database of personally identifiable information.
The initial vulnerability is believed to have caused the increase in this vulnerability. The initial report was in September 2019. Facebook claimed to have resolved and confirmed the security breach in August of the same year.
A Facebook spokesperson told Bloomberg: “This is old data previously reported in 2019.” This shows that users who joined Facebook after August 2019 are unlikely to expose their data in this leak.
Insider reviewed samples of the leaked data and verified several records by matching the phone numbers of known Number of Facebook users with the IDs listed in the data set. The business news website also verified records by testing email addresses from the dataset in Facebook’s password reset function, which can be used to partially display the user’s phone number.
Reuters did not immediately review the information. On a well-known low-level hacker website, Reuters provided digital credit worth a few euros, but Alon Gal, the chief technology officer of the cybercrime intelligence company Hudson Rock, stated that he had already By comparing with the phone numbers of people he knows, the authenticity of at least some of the data is verified.
According to Gal first discovered on Saturday, the leaked data may provide valuable information for cybercriminals who use people’s personal information to impersonate others or trick them into handing over their login credentials.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Although the data posted on the hacker forum may not be new, it is still important. Earlier this year, Motherboard reported that a cybercrime forum was using the same data collection to sell access to phone numbers associated with the Number of Facebook Users account. Users even set up an automated system in which potential buyers can communicate with a bot on the instant messaging app Telegram, enter a person’s name and provide their phone number.
At the time, Alon Gal, co-founder, and CTO of Hudson Rock told Motherboard that the database was “very worrying” and warned that “this database will seriously harm us Privacy, and will definitely be used by bad actors for fraud and other fraudulent activities.
“Now, data no longer has a small barrier to access to paywalls; anyone can use it for free. All you need to access is to know its hosting location and some fairly low-level database navigation skills. Gal warned on Twitter: “Bad actors will definitely use this information for social engineering, fraud, hacking, and marketing.”
Facebook is in trouble with this violation because it is not a new thing, so the company has little to do. However, this reminds us of how many number of Facebook users data the company collects and sometimes negligent when protecting information.
Currently, Facebook cannot prevent these data from being transmitted and used for malicious reasons. Information such as phone numbers, email addresses, and dates of birth is almost always valuable to malicious actors, no matter how old they are, because they rarely or never change. Although it has a history of nearly two years, it still has this default value.