Personal information belonging to more than 533 million Facebook users has been posted online in a low-level hacker forum. An anonymous user leaked this data in a forum post on Saturday. It contains compromised user information including email addresses, phone numbers, and physical addresses.
The leaked data set encompasses user records from 106 different countries. Of the total haul, 32 million are from the US, 11 million from the UK, and 6 million from India. The story was initially published by Business Insider based on information provided by Hudson Rock, an intelligence company.
The leak was first discovered in January when a user on the hacking forum advertised a bot that could scrape Facebook user phone numbers. At the time, the user offered the bot’s services for money, but the information ended up being posted for free in April.
The now publicly available information includes a worrying volume of deeply personal data – full names and surnames, birthdays, physical addresses, phone numbers, email addresses, bios, and relationship statuses. The leak comes in the wake of a similar scandal in 2019, when a security vulnerability in Facebook allowed hackers to steal millions of users’ phone numbers. According to Facebook, this vulnerability was patched in August 2019.
A Facebook spokesperson said the leaked data was collected back in 2019 and is not the result of a new vulnerability. No matter how old the leaked data set is, it will still most certainly be used by malicious actors for identity theft, hacking, and other forms of cybercrime.
The leaking of this data highlights two important issues: the volume of personal data collected by Facebook and the company’s seemingly chronic mismanagement of user data. The first major compromise of user privacy on Facebook occurred when the Cambridge Analytica scandal came to light. At the time, the consulting firm Cambridge Analytica used its app to harvest data from 87 million Facebook users without their consent in order to monetize the data for the purposes of political advertising.
There isn’t much that can be done now for those users whose data was published. It’s also unclear whether Facebook has notified users whose information was compromised. The only thing the rest of us can do is heighten our cybersecurity and be extra watchful for any phishing scams or attempts to compromise our accounts.