Names, phone numbers, birth dates and email addresses of 533-million Facebook users appeared on a hacking forum over the weekend, available for anyone who wanted it. For free. The data was scraped back in 2019 when the information became vulnerable and was later fixed by Facebook. While this data is two years old, it is still valuable to cybercriminals.
The leak first came to light in January this year, when the phone number data was offered for sale through a Telegram bot. Now, however, the full database has been made available for free, increasing the chances of it getting in the wrong hands.
Facebook currently has over 2.8 billion users (roughly 2.4 billion back in 2019), so the chance of any Facebook user’s data being included is roughly one in five. However, it also seems that some countries’ users were affected more than others, with the highest concentration being from countries in the Middle East and Asia.
- LG to close its smart phone business
- Digital Vaccine Passports are coming
- Apple Arcade gets a huge upgrade with 32 new games
That said, the numbers are still significant from the US and Europe. According to a breakdown of the numbers (opens in new tab), 26% of UK users and 13% of US users are affected. According to Troy Hunt (opens in new tab), creator of haveibeenpwned (opens in new tab) the data contains a relatively small number of email addresses, but a significant number of phone numbers, which are still valuable in the wrong hands.
Alon Gal (Under the breach) (opens in new tab), who first discovered the leak back in January and again this weekend, stated on Twitter that “Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.”
havebeenpwned confirmed that it has added the data to its compromised email address list and may also add a phone number functionality. We expect many of the password protection programes to offer a similar service. Until then, we recommend you stay vigilant.