An astounding 533 million Facebook users have been affected by a massive data leak on a dark web forum. The leaked data includes users’ personal information, a part of which was leaked back in 2019 due to a vulnerability, while hackers may have scraped the remainder from public Facebook profiles.
Only a week after Facebook took down Evil Eye, the hacking campaign targeting Uyghurs in eastern China, the company is back in the limelight again, this time for all the wrong reasons. The personal information of a whopping 533 million of its users’ has surfaced – for free no less – on an online hacking forum, the Business Insider reportedOpens a new window .
Alon Gal, the chief technology officer at Hudson Rock, first discovered the massive data leak in January this year. According to Gal, a user on the same forum where this data surfaced last week, advertised an automated bot that provided phone numbers of Facebook users in exchange for a fee. Since this data was in possession of hackers as early as 2019, a significant chunk (65%) of it was already available in the Have I Been Pwned breached data repository.
The leaked data is associated with Facebook users from 106 countries and includes users’ full names, Facebook IDs, bios, phone numbers, locations, gender, relationship status, occupation, dates of birth, and email addresses. This data was reportedly breached in 2019 due to a vulnerability in FacebookOpens a new window that allowed a user to access another user’s phone number upon hitting the ‘Add Friend’ function on the social media platform.
This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.
— Liz Bourgeois (@Liz_Shepherd) April 3, 2021Opens a new window
While the quantum of data differs for each Facebook user, what’s common in the leaked information of the 533,313,128 users are their mobile numbers, names, and gender. Going by reports, it is clear that at least the phone numbers were sourced (stolen?) from the now-fixed vulnerability.
Facebook confirmed to BleepingComputerOpens a new window that the data is, in fact, from 2019. The company said, “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.” However, it remains unclear where the remainder of the information came from, with all fingers pointing towards hackers scraping data off public Facebook profiles.
See Also: IoT Giant Ubiquiti Covered Up Data Breach Impact, Whistleblower Alleges
“Such information is a goldmine for scammers, so we can expect to see more personalized phishing or social engineering attacks all over the world, especially as this information has been posted for free. It means that anyone with shady intentions was able to get their hands on it,” said Daniel MarkusonOpens a new window , Digital Privacy Expert at NordVPN.
The massive trove of leaked data, offered for sale for just $2.19 on a dark web forum, also contains the phone numbers of Facebook CEO Mark Zuckerberg, Chris HughesOpens a new window , the co-chair of Economic Security Project, and Asana CEO Dustin MoskovitzOpens a new window . Both Hughes and Moskovitz are also co-founders of Facebook.
There are no user IDs 0-3. The only other single-digit user IDs in the leak seem to be:
ID 5: Chris Hughes
ID 6: Dustin Moskovitz— @mikko (@mikko) April 4, 2021Opens a new window
Geographic Distribution of Leaked Facebook User Data
Of the 533 million users affected by the leak, 32 million are from the United States, 39 million are from Tunisia, 44 million are from Egypt, 19 million from France, 17 million from Iraq and Colombia each, 11 Million from Malaysia, 11 million from the United Kingdom, 9 million from Russia, 8 million from Brazil, and 6 million are from India. The complete list of affected users was shared by Gal on Twitter.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021Opens a new window
If you think you are among the 533 million affected Facebook users, you can head over to the Have I Been PwnedOpens a new window website and confirm if your email address is on the list of leaked data records.
Considering the data leak exposed the phone numbers and email addresses of over half a billion people, Facebook users should be on the alert for phishing calls, emails, and texts and should take the following steps to detect phishing attacks:
- Check the sender’s address or telephone number. Don’t just trust the display name – pay attention to the email address, telephone number, and other sender credentials.
- Look for spelling and grammar mistakes, design issues. Serious companies and institutions don’t usually send out emails with bad grammar; email design is usually lean and precise.
- Don’t click on links or download attachments. If that’s an email – hover your mouse over the link to see the destination link. Check if it looks legitimate and, especially, if it contains the “https” part to indicate a secure connection. If that’s and SMS – it’s better to search for the website yourself.
- Consider context. Were you expecting such an email or SMS? If not, it is probably suspicious, especially if the offer is too good to be true.
- When in doubt, contact the company or institution over the phone or alternative email address and ask to confirm if the email is legitimate.
- If you notice something unusual – report the incident to the authorities. Raising the alarm can help many others affected by the leak as well.
Let us know if you liked this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!
