Over 533 million worldwide Facebook users data leaked on a popular cyber-crime forum for free.
Tech Giants Data Breach
A threat actor has published details for an estimated 533 million Facebook users — on a publicly accessible cybercrime forum.
In addition, Data of 553 million Facebook users (about a fifth of the entire social network’s user pool) including:
- Facebook ID numbers
- Profile names
- Email addresses
- Location information
- Gender details and other information posted online.
Furthermore, the database also contains phone numbers for all users, information that is not always public for most profiles i.e. that had not made their number public on the site.
Data Harvested From Facebook Vulnerability
However, the data leaked for free which was harvested by hackers in 2019 using a Facebook vulnerability “Add Friend” feature — allowing them to gain access to member’s phone numbers. .
In a Saturday tweet, Liz Bourgeois, Facebook’s director of strategic response communications, stated:
On the other hand, while data breaches are initially sold in private sales for a high price, here the data was began to sell for cheaper and cheaper until it leaked for free.
In addition, data leak including Facebook’s founders –
- Mark Zuckerberg
- Chris Hughes
- Dustin Moskovitz
which are the 4th, 5th, and 6th members first registered on Facebook.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” a Facebook spokeperson told BleepingComputer.
Though the data may be from 2019, making valuable for threat actors, phone numbers and email addresses remain the same over a period of many years.
In total, the data being offered includes user information from 106 countries, the top 20 geographic locations where members were exposed are listed below:
|Location||Number of users|
However, in India over 6,162,450 number of users Facebook data exposed.
A Telegram bot that appeared on the scene earlier this January allowed users to look up a phone number and receive the corresponding user’s Facebook ID, or vice versa for a fee.
But with the data now available publicly for free, threat actors might conduct attacks on the users listed on the data breach.
However, Security attacks including:
- phishing attacks or smishing (mobile text phishing) attacks
- SIM swapping
- marketing scams
- frauds, and more cybercrimes
It is advised that all Facebook users be wary of strange emails or texts requesting further information or telling you to click on enclosed links.
Also recommending users to improve security settings with better passwords, multi-factor authentication.