About a fifth of the social networking platform’s 2.6 billion user base leaked, reports Asian Lite News.
A hacker has posted the phone numbers and sensitive account details of nearly 533 million (53.3 crore) Facebook users — about a fifth of the social networking platform’s entire user base — including over 61 lakh Indian users which has been dumped on a public cybercrime forum.
The leaked data includes Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and other details.
“All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked,” tweeted Alon Gal, CTO of security firm Hudson Rock.
“I have yet to see Facebook acknowledging this absolute negligence of your data,” he added.
Facebook has confirmed the leak to The Record.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” a Facebook spokesperson was quoted as saying in the report late on Saturday.
With the data now entering the public domain, there is a real danger that this information can be widely used by cybercriminals for email or SMS spam, robocalls, extortion attempts, threats and harassment, etc.
The data is reportedly broken up into download packages by country.
As Cambridge Analytics still haunts nearly 87 million users, including over 5 lakh users from India, this has come as the biggest ever leak of a social media platform that has billions of users.
In January this year, reports first surfaced that the phone numbers of 533 million users were currently being sold via a bot on encrypted messaging platform Telegram, which came from a Facebook vulnerability that was patched by the social network in 2019.
According to a report in Motherboard, the person selling the database full of Facebook users’ phone numbers ($20 per number) lets customers lookup those numbers by using an automated Telegram bot.
Gal had then said: “It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing (the fraudulent practice of sending text messages) and other fraudulent activities by bad actors.”
However, this time, the Facebook data leak has been published with more details.
This is not the first time that Facebook has been caught foot in mouth over a data leak. In 2019, data of 419 million Facebook and 49 million Instagram users was exposed in databases online. In the same year, it had faced another data breach leaving data of 267 million users exposed. Before that, there was the infamous Cambridge Analytica scandal, which was perhaps the first time Mark Zuckerberg’s company had come under the radar for its data collection practices.
According to a Facebook spokesperson, the bug was only accessible for a short period of time during a small test.
The database, which was first leaked in 2019, was initially being sold on instant messaging platform Telegram for a fee of $20 per search. Facebook had then said that it had patched the vulnerability that has caused the leak. But, in June 2020, and, then in January 2021, the same database was leaked again. The vulnerability was the same: it allowed users to search for a person’s number.