Personal data of 533 million Facebook users leaks online

According to security researcher Alon Gal, personal data from 533 million Facebook accounts has reportedly leaked online for free. Business Insider has stated that it has verified several of the leaked records. “The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India,” according to Insider. “It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”

If that 533 million number sounds familiar to you, that’s because this information is apparently from the same dataset that people could pay for portions of through a Telegram bot, which Motherboard reported on in January. Now, though, it appears that those who want to get their hands on the data won’t have to pay anything at all. Facebook told Insider that this data was scraped because of a vulnerability that it fixed in 2019. The company gave a similar answer to Motherboard in January. “This is old data that was previously reported on in 2019,” Facebook told BleepingComputer. “We found and fixed this issue in August 2019.”

Troy Hunt, the creator of the Have I Been Pwned database, said on Saturday that “I haven’t seen anything yet to suggest this breach isn’t legit.” In the data, he found only about 2.5 million unique email addresses (which is still a lot!), but apparently, “the greatest impact here is the phone numbers.” Here’s what that might mean, in Hunt’s words:

All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data.

If you want to read the entire thread, here is Hunt’s full Twitter thread about the breach. Hunt has already loaded the leaked email addresses into Have I Been Pwned, meaning you can check to see if yours was included as part of the dataset. He is still considering whether or not to make the leaked phone numbers available through the service.

