Over 500 million Facebook users’ personal data have been leaked online in a low-level hacking forum. look trend micro q3lyngaascyberscoop.
Phone numbers, full names, addresses, email addresses, and biographical data are all included.
According to security experts, hackers might use the information to conduct fraud and pose as real people.
Get the most recent tech news and scoops delivered to your inbox every day.
On Saturday, a user on a low-level hacker forum made available for free the contact information and personal information of hundreds of millions of Facebook users.
Over 533 million Facebook users’ personal data from 106 different countries was exposed, including over 32 million records for US users, 11 million for UK users, and 6 million for Indian users. It contains their contact information, Facebook IDs, full names, addresses, dates of birth, biographies, and, in some cases, email addresses.
By cross-referencing known Facebook users’ phone numbers with the IDs included in the data collection, an insider examined a sample of the stolen information and validated several records. We also tested emails from the data set in Facebook’s password-reset feature, which can be used to partially reveal a user’s phone number in order to verify records.
Due to a flaw that the firm remedied in 2019, a Facebook spokeswoman told Insider that the data had been scraped.
Alon Gal, the chief technology officer of the cybercrime intelligence company Hudson Rock, who discovered the trough of leaked data on Saturday, claims that despite being a couple of years old, the leaked data could be useful to cybercriminals who use people’s personal information to impersonate them or con them into handing over login credentials.
According to Gal, “a large database that contained the private information, such as phone numbers, of many Facebook users would undoubtedly result in bad actors using the data to undertake social-engineering assaults [or] hacking attempts.”
When a user in the same hacker forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users for a fee, Gal came across the stolen information in January. At the time, Motherboard confirmed that the data was accurate and reported on the existence of that bot.
Now that the data set has been freely uploaded on the hacker forum, anyone with a basic understanding of data can access it.
Insider used the messaging service Telegram to try and contact the leaker but received no response.
Numerous Facebook users’ phone numbers have previously been discovered online in an open state. In violation of Facebook’s terms of service, the vulnerability discovered in 2019 allowed millions of phone numbers to be scraped from its systems. Facebook reported that the flaw was fixed in August 2019.
After Cambridge Analytica violated Facebook’s terms of service by collecting the data of over 80 million users in order to target voters with political advertisements during the 2016 election, Facebook committed to take action against bulk data-scraping.
From a security perspective, according to Gal, Facebook couldn’t do much to assist people who had their data exposed; however, he noted that Facebook could alert users so they could be on the lookout for fraud or phishing schemes using their data.
People who sign up with a respected firm like Facebook are entrusting them with their personal information, and Facebook is responsible for treating that information with the highest respect, according to Gal. “Users’ personal information being disclosed is a serious violation of trust and should be addressed appropriately.”