Sensitive data of over 533 million Facebook users has been made available for free online, including users’ names, phone numbers, gender, and more. The dump was reportedly obtained in 2019 by a hacker who exploited a now-patched vulnerability on Facebook. While it was initially sold for a sum, it’s now available for free, exposing those users to further cybercrime.
Facebook Users Data Leaked
First seen by Alon Gal, CTO of a cybercrime intelligence firm named Hudson Rock, the database was listed for sale in a popular hacker forum mid-last year. It’s reported that the dump actually dates from 2019, when a hacker stole it from Facebook after exploiting a vulnerability in its ‘Add Friend’ feature.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
The vulnerability allowed the hacker to gain access to users’ phone numbers. The whole dataset, including other details, may have been scraped. It is said to contain records of about 533,313,128 users, covering their name, gender, Facebook ID, location, and phone number. In some cases, it also includes the relationship status, occupation, date of birth, and email address.
This database was initially sold for $30,000 in a popular hacker forum and later sold for just over $2 in the same forum. Now it’s available for free online, with the database divided by country. While this may increase the hacker’s reputation, it also paves the way for new cybercrimes.
As the URLs to this leaked and categorized database are being shared on Pastebin, people are rushing to download the database and find their names in it. Last year, someone made a Telegram bot that would return search results for a small fee.
This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019. https://t.co/mPCttLkjzE
— Liz Bourgeois (@Liz_Shepherd) April 3, 2021
While people are getting mad over this database, Liz Bourgeois, Director of Strategic Response Communications at Facebook, said the data is from a 2019 leak and that the issue was fixed in August 2019. Yet it’s now a trove of PII that can be leveraged for impersonation and other forms of cybercrime.