Business Insider has reported that private data of 533 million Facebook users from 109 countries, including Nigeria, were recently leaked for free online by a user in a “low-level hacking forum.”
The leaked data—IDs, dates of birth, locations, phone numbers, bios, and in some cases emails—of over 32 million records of users in the US; 11 million records of users in the UK; and over 9 million users’ records in Nigeria.
Business Insider confirmed that a sample of the leaked data was reviewed and several records were verified by matching phone numbers of known Facebook users with the IDs listed in the data set.
A Facebook spokesperson told the outlet that the data was scraped owing to a vulnerability that was patched by the company in 2019.
According to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first detected the whole trough of leaked data online recently, the leaked data could offer valuable information to cybercriminals who use people’s private information to impersonate them or scam them into handing over login credentials.
While talking to Insider, Gal said: “A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts.”
Gal first detected the leaked data earlier this year when a user in the same hacking forum advertised an automated bot that could generate phone numbers of hundreds of millions of Facebook users in exchange for a price.
The bot’s existence was reported by Motherboard at that time and the legitimacy of the data was verified also.
Sadly, the whole dataset has been posted on the hacking forum for free, as such, it is widely available to anyone with basic data skills.
Efforts were made by Insider to reach the leaker through Telegram but no response was gotten.
Gal said that from a security point of view, Facebook can not do much to help users affected by the breach since their data is already exposed and added that Facebook could notify users so they could remain vigilant for possible phishing schemes or fraud that could be perpetrated by using their private data.
He said: “Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook (is) supposed to treat the data with utmost respect.
“Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”
