Personal Information Of 533 Million Facebook Users Leaked Online

It seems that Facebook’s data privacy issues won’t ever end. Security researcher Alon Gal has recently revealed that the personal information belonging to around 533 million Facebook users has been leaked online.

The massive dataset is currently being shared on various underground hacking forums for free, and it affects users from 106 countries including every country in the MENA region. At 32 million records, US Facebook users represent the greatest chunk of the dataset, followed by 11 million users from the UK, and 6 million users from India.

Besides user’s full names, the leak includes their phone numbers, Facebook IDs, locations, birthdates, bios, and sometimes even email addresses.

“So what’s the impact? For a targeted attack where you know someone’s name and country, it’s great for mobile phone lookup,” explains Troy Hunt, the creator of the Have I Been Pwned database. “But for spam based on using phone number alone, it’s gold. Not just SMS, there are heaps of services that just require a phone number these days, and now there’s hundreds of millions of them conveniently categorized by country with nice mail merge fields like name and gender.”

Twitter: @UnderTheBreach

The stolen information actually comes from 2019, and cybercriminals had access to it for quite some time now through a Telegram bot, which makes it possible to look up a phone number and receive the corresponding user’s Facebook ID, and the other way around — all for a small fee.

Also Read: Exploits In Microsoft Exchange Used To Breach Over 30,000 Organizations

“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” said Liz Bourgeois, Facebook’s director of strategic response communications, in a Saturday tweet.

Old or not, the fact that the personal information of half a billion Facebook users is circulating around on the internet for free is the least the social media giant and its users need right now considering the number of new cybersecurity threats created by the COVID-19 pandemic. Hopefully, Facebook will take the steps necessary to minimize the impact of the breach and protect its users.

To find out whether or not your Facebook account data was among the leak, go to HaveIBeenPwned.com and enter the email address you use to login to Facebook with. If your email address is detected within the millions of accounts, HaveIBeenPwned will let you know.