Personal information of over 533 million Facebook users was leaked on a low-level hacking forum, according to Business Insider. Facebook users from 106 countries, including more than 32 million users in the US, 11 million in the UK, and 6 million in India, had their Facebook IDs, full names, phone numbers, locations, birthdates, bios, and in some cases, email addresses, leaked online.
Insider journalists examined the leaked data and confirmed several Facebook users' data matched up with the leaked data on the list.
Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users' phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook's password reset feature, which can be used to partially reveal a user's phone number. -Insider
Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, has been one of the first to post about the leak. He tweeted Saturday morning:
All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data.
All 533,000,000 Facebook records were just leaked for free.— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
He said the hack included:
Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio. Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.
Gal posted a partial list of the number of users affected by the hack by country:
"A database of that size containing the private information such as phone numbers of a lot of Facebook's users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts," Gal told Insider, adding that he first discovered the leak in January on a low-level hacking forum.
This isn't the first time Facebook has dealt with hackers exposing the personal information of users. Over the years millions of people's personal information have been scrapped from Facebook's servers.
Gal warned that there's not much Facebook can do at this point because their credentials are already online.
"Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect," Gal said. "Users having their personal information leaked is a huge breach of trust and should be handled accordingly."
Another monumental failure by Facebook would suggest a future congressional hearing would be held.