Facebook under fire as user’s data leak online

The data was later posted on the forum for free on Saturday, which made the information available to anyone with rudimentary data skills.

2020_0512_facebooklogo_600x300

The personal information of more than 533 million Facebook users was leaked on a low-level hacking forum Saturday (April 3.)

The exposed data included personal information such as phone numbers, Facebook IDs, full names, locations, birthdates, bios and emails from users in 106 countries, including more than 32 million records of users in the United States, 11 million in the United Kingdom and 6 million in India, Business Insider reports.

“Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set,” Business Insider wrote. “We also verified records by testing email addresses from the data set in Facebook’s password-reset feature, which can be used to partially reveal a user’s phone number.”

A Facebook spokesperson told Business Insider the data was scraped as part of a vulnerability patching in 2019. Though the leaked data is from a couple years ago, it proves users’ personal information is easily accessible and hackers can use it to impersonate or scam them into handing over login credentials, according to Alon Gal, chief technology officer of the cybercrime intelligence firm Hudson Rock, who discovered the leak on Saturday.

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks [or] hacking attempts,” Gal told Business Insider.

Gal initially discovered the leaked data in January when a user int he same hacking forum that posted it Saturday advertised an automated bot capable of providing phone numbers of hundreds of millions of Facebook users, which was reported by Motherboard to be legitimate at the time of the claims.

The data was later posted on the forum for free on Saturday, which made the information available to anyone with rudimentary data skills.

Business Insider said it attempted to contact the hacker through the messaging app Telegram but did not get a response.

The vulnerability uncovered in 2019 previously allowed millions of phone numbers to be scraped from Facebook’s servers in violation of its terms of service, but the company said it was patched in August 2019 and vowed to crack down on mass data-scraping after Cambridge Analytica scraped data of more than 80 million users in violation of the website’s terms of service to target voters with political ads during the 2016 election.

Leave a Reply