Personal data from 533 million Facebook accounts has reportedly leaked online for free, according to security researcher Alon Gal. Insider said it verified several of the leaked records.
“The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India,” according to Insider. “It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”
If that 533 million number sounds familiar to you, that’s because this information is seemingly from the same dataset that people could pay for portions of using a Telegram bot, which Motherboard reported on in January. Now, though, it seems that those who want to get their hands on the data won’t have to pay anything at all.
Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.
Bad actors will definitely use the knowledge for social engineering, scamming, hacking and advertising and marketing.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Facebook told Insider that this data was scraped because of a vulnerability that it fixed in 2019. The company gave a similar answer to Motherboard in January. “This is old data that was previously reported on in 2019,” Facebook told BleepingComputer. “We found and fixed this issue in August 2019.” Facebook has not replied to a request for comment from The Verge.
Troy Hunt, the creator of the Have I Been Pwned database, said on Saturday that “I haven’t seen anything yet to suggest this breach isn’t legit.” In the data, he found only about 2.5 million unique email addresses (which is still a lot!), but apparently, “the greatest impact here is the phone numbers.” Here’s what that might mean, in Hunt’s words:
But for spam primarily based on utilizing cellphone number alone, it is gold. Not simply SMS, there are heaps of companies that simply require a cellphone number today and now there’s a whole bunch of hundreds of thousands of them conveniently categorised by nation with good mail merge fields like name and gender.
— Troy Hunt (@troyhunt) April 3, 2021
If you can, I strongly recommend taking a couple of minutes to read Hunt’s full Twitter thread about the breach.
Hunt has already loaded the leaked email addresses into Have I Been Pwned, meaning you can check to see if yours was included as part of the dataset. He is still considering whether or not to make the leaked phone numbers available through the service.
Should the FB cellphone numbers be searchable in @haveibeenpwned? I’m thinking through the pros and cons in terms of the value it adds to impacted people versus the risk presented if it’s used to help resolve numbers to identities (you’d still need the source data to do this).
— Troy Hunt (@troyhunt) April 4, 2021