Data of over 553 million Facebook users were made public on Saturday. The data was exposed for free by a hacker in a hacking forum and included details like phone numbers and other personal data. Personal information of millions of users from across 106 countries, including India, were exposed.
The exposed data included details like phone numbers, Facebook IDs, full names, locations, birthdates, bios and even email addresses of some users. Over 32 million accounts in the US, 11 million in the UK, and 6 million in India were exposed, as mentioned in a report in Business Insider.
A Facebook spokesperson said that the leaked data was scraped due to a vulnerability that the company patched in 2019. A vulnerability was discovered in 2019 that allowed phone numbers of millions of users to be scraped from Facebook servers. The social media giant said that the vulnerability was patched in August 2019.
Even though the leaked data is a couple of years old, it could provide valuable information to cybercriminals, said Alon Gal, CTO of cybercrime intelligence firm Hudson Rock who first discovered the leaked data online on Saturday.
"A database of that size containing the private information such as phone numbers of a lot of Facebook's users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks or hacking attempts," said Gal to the news site.
Some of the data appeared to be current, while some of the leaked phone numbers belong to owners of Facebook accounts.
The data leak was first discovered by Gal in January when a user in the same hacking forum advertised an automated bot that could provide phone numbers of millions of Facebook users in exchange for a price. Now the entire dataset has been posted online for free, making it easy for anyone with basic data skills to access.
According to Gal, there is not much that Facebook could do at this point except for informing users that their data is out in the open so that users could remain vigilant in the future.
Gal said that individuals who have signed up for a reputable company like Facebook are trusting them with their data and Facebook is supposed to treat them with utmost respect. Leak of user information is a huge breach of trust and must be handled accordingly, he said.