Personal data of 533 million Facebook users has been leaked online, including full names, phone numbers, birthdates, location data, and email addresses.
The leaked data also include users’ Facebook IDs, account creation dates, relationship status, and biographical information.
Security expert Alon Gal, who serves as chief technology officer at Hudson Rock, said this online leak has a huge impact on privacy.
“In early 2020, a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited,” Gal said.
This vulnerability was exploited to create a database containing the information of 533 million users across all countries.
“It was severely under-reported and today the database became much more worrisome,” he said.
A few days ago, a user created a Telegram bot allowing users to query the database for a low fee.
This enabled people to find the phone numbers linked to a large portion of Facebook accounts.
The data is a treasure trove for cyber criminals. “Bad actors will certainly use the information for social engineering, scamming, hacking, and marketing,” said Gal.
He provided a full list of affected users by country, which includes over 14.3 million users from “Africa”.
While South Africa is not explicitly mentioned, it can be assumed millions of local Facebook users are affected.
Liz Bourgeois, director of strategic response communications at Facebook, highlighted that this is not a new data leak.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” Bourgeois said.
Bourgeois was referring to a security flaw that allowed the information to be accessed without authorisation.
This data leak, although not based on a new security flaw, threatens Facebook’s business model of gathering a large amount of personal information and using it to sell targeted ads.
Alon Gal comment
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019. https://t.co/mPCttLkjzE
— Liz Bourgeois (@Liz_Shepherd) April 3, 2021