Personal Data of Mark Zuckerberg and 533 Million Facebook Users Hacked, then Released to the Public for Free

A massive trove of hacked data from more than 500 million Facebook users was made easily accessible Saturday — including Mark Zuckerberg’s cellphone number.

In what’s likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide, harvested by hackers in 2019 using a Facebook vulnerability, has been leaked for free on a popular cybercrime forum.

The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status, account creation date, and other profile details, broken down by country, with over 32 million records belonging to users in the U.S., 11 million users in the U.K., and six million users in India, among others.

The information was initially stolen in January, after hackers exploited a vulnerability related to phone numbers associated with Facebook accounts, ultimately creating a massive database of private data.

On Saturday, the database became readily accessible to those with basic data skills after it was posted to a hacker forum, according to Bloomberg.

Facebook dismissed the data as “very old” but security expert Dave Walker pointed out the company’s own CEO was victimized in the hack.

“Regarding the #FacebookLeak, of the 533M people in the leak – the irony is that Mark Zuckerberg is regrettably included in the leak as well. If journalists are struggling to get a statement from @facebook, maybe just give him a call, from the tel in the leak?” he tweeted alongside a screenshot of Zuckerberg’s name and information with the phone number partially blacked out.

While Facebook appeared to be trying to use the 2019 time peg to minimize the impact of the leak, Insider explains that bad actors can still do damage with old data. Alon Gal, co-founder and CTO of Israeli cybercrime intelligence firm Hudson Rock, told the outlet that a database of that size would result in criminals taking advantage of the data to carry out social engineering attacks or hacks.

Gal was the one who first discovered the leaked Facebook data on Saturday, per Insider. This wasn’t the first time he knew of the database’s existence, though. Back in January, Gal sounded the alarm on a hacker that had created a Telegram bot that allowed people to find phone numbers for specific Facebook accounts via the leaked data set for a fee. Gal informed Motherboard at the time, which confirmed the data’s legitimacy.

It’s not the first time Facebook has had its users’ data leaked online. In 2020, Mark Zuckerberg’s company was involved in a controversial situation regarding privacy issues and confirmed that thousands of developers had been able to access data from inactive users, which is unexpected behavior.

Before that, there was the Cambridge Analytica controversy, in which the company not only got access to the data of anyone who gave permission to a third-party ‘personality quiz,’ but Facebook allowed the app some access to the data of their friends also.

The company has not addressed this new data leak yet, but it could be the worst leak Facebook’s ever been involved in.

Old data or not, the fact that the data appears to have been obtained by scraping Facebook profiles further complicates the company’s equation with privacy, even as it has emerged relatively unscathed in the wake of the Cambridge Analytica data scandal, in which the British consulting firm amassed the personal data of millions of Facebook users without their consent for purposes of political advertising.

While this data dump appears to have been sold in cybercrime communities at least since last year, a Telegram bot that appeared on the scene earlier this January allowed users to look up a phone number and receive the corresponding user’s Facebook ID, or vice versa, for a fee.

But with the data now available publicly for free, it’s likely that the leak will allow malicious adversaries to exploit information for social engineering, marketing scams, and other cybercrimes. Users who have shared their phone numbers and email addresses with Facebook and have not changed them since 2019 are advised to watch out for possible smishing attacks, spam calls, and fraud.

However, there are still some questions unanswered. Even if this data is from 2019, what does this really mean for users? Insider was able to purportedly match phone numbers with IDs in the leaked data set now. In fact, I know friends that have had the same phone number for over a decade. What can users do in this situation? Nothing. They are screwed and there is nothing Facebook will or can do about it now.