The personal data and phone numbers of over 533 million Facebook users were leaked on a low level hacking forum on Saturday, April 3. As reported by Business Insider, this exposed data is “from users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India.”
The data leaked includes phone numbers, Facebook IDs, full names, locations, birthdates, bios, and some even include e-mail addresses.
Fortunately for those who have recently changed their information, a Facebook spokesperson told Insider that the data was “scraped due to a vulnerability that the company patched in 2019.”
However, despite the list being a couple years old, it’s important for Facebook users to be aware that there could be a higher risk of cybercriminals using this personal information to impersonate them or scam them into handling over login credentials. This warning was echoed by Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who was the first to discover this leaked data.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Gal told Insider. Gal first discovered the existence of this leaked data in January 2021, when a user in a hacking forum said an automated bot could provide phone numbers for hundreds of millions of Facebook users in exchange for a price. Now, unfortunately, this list appears to be widely available in one of these forums.
While Gal mentions that, from a security standpoint, there isn’t much Facebook can do to impacted users since the data is out in the open, he did add that Facebook, at the very least, could alert its users to remain vigilant for possible phishing schemes or fraud using the leaked data.