- The personal information of over 500 million Facebook users has been posted online in a low-level hacking forum.
- The data includes telephone numbers, full names, location, e-mail address and biographical information.
- Security researchers warn that hackers could use the data to impersonate people and commit fraud.
A user in a low-level hacking forum has published the phone numbers and personal information of hundreds of millions of Facebook users online for free.
The exposed data includes personal information about over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 1
Insider reviewed a selection of the leaked data and verified several records by matching the phone numbers of known Facebook users with the IDs listed in the dataset. We also verified records by testing email addresses from the dataset in Facebook’s password reset feature, which can be used to partially reveal the user’s phone number.
The leaked data could provide valuable information to cybercriminals who use people's personal information to impersonate them or trick them into handing over login information, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first discovered the leaked data on Saturday.
“A database of that size that contains private information, such as the telephone numbers of many of Facebook’s users, will certainly lead to bad actors using the data to carry out social engineering attacks [or] hacking attempts,” Gal told Insider.
Facebook did not immediately respond to further requests for comment.
Gal first discovered the leaked data in January when a user in the same hacking forum announced an automated bot that could provide the phone numbers of hundreds of millions of Facebook users for a price. Motherboard reported the existence of that bot at the time and confirmed that the data was legitimate.
The entire dataset has now been posted on the hacking forum for free, making it widely available to anyone with rudimentary computer skills.
—Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
This is not the first time a large number of Facebook users’ phone numbers have been revealed online. A vulnerability discovered in 2019 meant that millions of people’s phone numbers could be scraped from Facebook’s servers in violation of the terms of service. Facebook said that the vulnerability was patched in August 2019.
Gal said that from a security point of view, there is not much Facebook can do to help users affected by the breach, since their data is already out in the open – but he added that Facebook could notify users so they could be on guard for possible schemes or scams using their personal data.
“Individuals who sign up for a reputable company such as Facebook trust it with their data, and Facebook [is] supposed to treat the data with the utmost respect,” said Gal. “Users having their personal information leaked is a major breach of trust and should be dealt with accordingly.”