Hackers have published private data of 533 million Facebook users. The leak includes phone numbers and personal information.
The leaked data was shared on a popular forum frequented by hackers. Although the data is several years old, it is an excellent example of the tremendous amount of data that Facebook has in its possession and the danger that data presents to user’s privacy.
The data was originally collected in 2019 due to a vulnerability in the Facebook software. Although Facebook was quick to patch the vulnerability, there was no way to prevent the hackers from extracting the vast amount of data.
The Facebook company’s size means that their technology platform presents a large surface area for hackers to attack. Having such a large attack surface makes it difficult to maintain a constant and solid defense. As we have seen, it only takes one vulnerability to enable massive theft of private data.
The data exposed includes private information of over 533 million Facebook users from 106 countries. This data includes phone numbers, Facebook IDs, names, geolocation data, birthdates, personal bios, and email addresses.
The leak includes more than 32 million records for users in the United States.
The leaked data was first discovered to be freely available online by Alon Gal, CTO of cybercrime intelligence firm Hudson Rock.
The Cyber Security Herald understands the leaked Facebook database was previously sold for five figures and then further circulated at lower costs until it was made freely available.
Threat actors have had a significant amount of time to exploit the leaked database and make the most of the data being tightly held amongst a small number of pay-per-use actors.
The Cyber Security Herald has attempted to reach the user on Telegram that posted the leaked data online but so far, we have not received a response.
In a tweet, company spokesperson Liz Bourgeois was quick to comment that the leak was considered old and stems from a fixed problem in 2019. “We found and fixed this issue in August 2019,” Bourgeois wrote.
Mark Zuckerberg’s mobile number included in the data leak
No doubt, however, that Mr. Zuckerberg has long since changed his mobile number.