Facebook accounts have reportedly been leaked online, and for free. This was noted by a security researcher, Alon Gal. Following that report, Insider also verified several of the leaked records.
According to Insider, the exposed data includes personal information of over 533 million Facebook users from 196 countries.
This includes over 32 million records of users in the USA, 11 million users in the UK, and 6 million users in India.
What was leaked?
The information leaked included users’ phone numbers, Facebook IDs, full names, locations, birthdates, bios, and – in some cases – email addresses.
Affected users include Facebook CEO Mark Zuckerberg and fellow co-founders Chris Hughes and Dustin Moskovitz.
https://twitter.com/UnderTheBreach/status/1378314424239460352
The same amount of data was said to be up for sale earlier this year
Don’t get outraged just yet. If you’ve followed data breach incidents closely this year, the number 533 million might sound familiar to you.
Well, that’s because this information is apparently from the same dataset reported by Motherboard in January.
At the time, a group reportedly hacked about the same amount of private data but requested payment before sharing it with interested parties through a Telegram bot.
However, with this new hack, it appears that those who desperately want to get their hands on all of that hoarded information can get it for free.
The full list of details hacked and about to be leaked includes:
- Phone numbers
- Facebook IDs
- Full names
- Locations (both past itinerary and present)
- Birthdates
- Email addresses
- Account creation date
- Users’ relationship status
- Bio
What now?
Cybercriminals will most certainly use the information for social engineering, scamming, hacking, and marketing.
However, there are ways to check whether your phone number has been exposed in the data breach.
A couple of sites let you check whether your account details have been leaked online.
Alon Gal told Insider that this data was only scraped because of a vulnerability that Facebook fixed in 2019. Apparently, they’re still vulnerable.
Facebook reportedly gave a similar answer to Motherboard in January. The company commented that it found and fixed this issue in August 2019.
However, Facebook has declined to respond to a request for comment from The Verge.
Comments from online security and cloud professionals
Troy Hunt, the creator of the “Have I Been Pwned” database, said on Saturday that he hadn’t seen anything yet to suggest the breach wasn’t legit.
He also said he found only about 2.5 million unique email addresses in the data (which, I mean, is still a lot!). But according to him, the greatest impact here is the phone numbers.
Analyzing his words, Hunt might have meant that, for spam, user phone numbers alone are gold. Aside from SMS, there are loads of services that just require a phone number these days.
Right now, there are hundreds of millions of them, conveniently and helpfully categorized by country and coupled with useful information like name and gender, for anyone to use.
If you can, I strongly recommend taking a few minutes to read Hunt’s full Twitter thread about the breach, which could be really helpful for you.
So what's the impact? For a targeted attack where you know someone's name and country, it's great for mobile phone lookup. Much harder to do en masse as there's no reliable key; I couldn't take a big list of emails and resolve them to phone numbers as email is rare in the data.
— Troy Hunt (@troyhunt) April 3, 2021
Hunt also loaded the leaked email addresses into Have I Been Pwned, which means you can easily check if your email address was included as part of the dataset.
He announced that he is still considering whether to make the leaked phone numbers available through the service, as he is not completely sure whether it would be a wise decision, whether it would be helpful, or whether it would only cause more problems for the users.