More than 500 million Facebook users’ personal information has been leaked online, with the compromised data including phone numbers, full names, location, email address, and biographical information.
Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, uploaded the shocking findings on its Twitter account @UnderTheBreach, a cybercrime investigations forum, saying that the massive load of information was compromised free of charge. Users of the leaked data are vulnerable to cyber attacks such as fraud and impersonation, he warned.
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,” Gal said.
The leak already made the news earlier in January when a hacker tried to sell Facebook access to a hacking website. Clarification of their service can be done through a simple and automated Telegram bot. Critically, Facebook was informed of this breach but has not seemed to take any bold actions on reducing the harm, Nationalfile reported.
Gal added that little could be expected from Facebook to ensure user protection, especially when the database has been released online and freely accessible to anyone. At present, the least Facebook could tell its users to beware of their personal data being used by phishing attempts or fraud.
However, he suggested users could resort to rotating IDs to reduce the risk of bad actors linking their phone numbers to Facebook IDs. Their information could still be vulnerable to “social engineering attacks, SIM swaps, phishing, etc.”
If users deleted their accounts around 2013 and 2018, their phone numbers are spared from the leaked database, Gal discovered. “I believe Facebook did delete entries from individuals who deleted their accounts which is good to know!”
According to Motherboard, the age of the leaked accounts could extend up to years.
Read the notice:
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021