Ian Patrick, FISM News
In January of 2020, there were reports of a database of an exploit in Facebook’s code which showed the phone numbers of some user’s accounts. Apparently a person could purchase access to this database and look up phone numbers through a bot on the social media app Telegram.
Now, this same set of data has been supposedly leaked online for hackers to take and use. The total number of accounts whose information was leaked is reported to be upwards of 533 million, or roughly 20% of Facebook’s entire user base.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Alon Gal of Under the Breach tweeted the data breach and included some information that may be at risk. Gal is a security researcher and co-founder of Israeli cybercrime intelligence firm Hudson Rock.
Details include: Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.
Another online security researcher, Troy Hunt commented on the viability of this data breach saying that “the data is legit” after spending time verifying the leak. Hunt is a Microsoft Regional Director and creator of the free data breach verification resource Have I Been Pwned?
After researching and reaching out to friends and those in the know, Hunt was able to verify over 2,500,000 email addresses in the leak which he included in his Have I Been Pwned? website.
Email parsing now done, found 2,529,621 unique addresses across the 108 files. Call it about 0.5% of all records having an email address.
— Troy Hunt (@troyhunt) April 4, 2021
Hunt reports that about 0.5% of the data had email addresses that he was able to verify. The data mostly concerned phone numbers, which he said was “gold” for spammers.
Insider was also able to verify some of the accounts that were released in the leak, and reported on who this could impact.
The exposed data includes the personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India.
Apparently Facebook said in a statement that the data was “very old” and related to an issue that it had fixed in August 2019.