Sensitive data of over 553 million Facebook users has been made available for free online, including users' names, phone numbers, gender, etc. The dump was reportedly obtained in 2019 by a hacker who exploited a now-patched vulnerability on Facebook. While it was initially sold for a sum, it's now available for free, exposing those users to more cybercrimes.
Facebook Users Data Leaked
First seen by Alon Gal, CTO of a cybercrime intelligence firm named Hudson Rock, the database was listed for sale in a popular hacker forum mid-last year. It's reported that the dump actually dates from 2019, when a hacker stole it from Facebook after exploiting a vulnerability in its "Add Friend" feature.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
This allowed them to gain access to the users' phone numbers. The whole dataset, including other details, may have been scraped. It is said to contain records of about 533,313,128 users, covering their name, gender, Facebook ID, location, and phone number. In some cases, it also has the relationship status, occupation, date of birth, and email addresses of some users.
This database was initially sold for $30,000 in a popular hacker forum and later sold for just over $2 in the same forum. Now, it's made available for free online, with the database divided by country. While this may increase the hacker's reputation, it's now paving the way for new cybercrimes.
As the URLs to this leaked and categorized database are shared on Pastebin, people are rushing to download the database and find their names within. Last year, someone made a Telegram bot that would return search results for a small fee.
This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019. https://t.co/mPCttLkjzE
— Liz Bourgeois (@Liz_Shepherd) April 3, 2021
While people are getting mad over this database, Liz Bourgeois, Director of Strategic Response Communications at Facebook, said it's from a 2019 leak that was fixed in August 2019. Yet, it's now a trove of PII that can be leveraged for impersonation and other forms of cybercrime.