- Responding to the data breach, Facebook says it found and fixed the issue in August 2019.
- The security researcher claims new data breach affects 533 million users worldwide.
- The biggest data chunk is said to from the US, with over 32 million records on users from the country.
The latest Facebook data breach is claimed to have leaked the personal data of over 533 million users globally. In a country-wise breakup, the claimed data breach reportedly includes the personal information of 6 million users in India. Security researchers have warned that the leaked data can be used to commit fraud by impersonating a person as the leaked data dump includes phone numbers, full name, location, email, and other info.
Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, posted information around the data breach that is said to have leaked data of close to 533 million users in a series of tweets. "This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked," Gal said in a tweet.
Notably, the claimed Facebook data breach isn't new. In January this year, Gal had reported that a vulnerability enabled seeing the phone number linked to every Facebook account was exploited. He added that it was severely under-reported, and now the database became much more worrisome.
He claimed that a user even created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.
A Facebook spokesperson responding to data breach claims said, "This is old data that was previously reported in 2019. We found and fixed this issue in August 2019."
The data breach story was first reported by Business Insider that cite Gal and adds that the least Facebook can do is notify users affected by the data breach.
Gal claimed that the data breach includes details like phone number, Facebook ID, full name, location, past location, birth date, email address (in some cases), account creation date, relationship status, and bio.
"Bad actors will certainly use the information for social engineering, scamming, hacking and marketing," Gal added.
While India Today Tech could not verify the information posted on various domains and claimed to be of Facebook users. Security researcher Gal hints that the database is most likely the same set of telephone numbers linked to Facebook accounts that have been circulating in hacking circles for months. In January, Motherboard reported the Facebook data breach, though it is now being claimed that it was under-reported.
Looking at recent data breach stories, what India needs right now is a mechanism to penalise companies that are unable to handle user data. The country needs a robust law to deal with such scenarios. Last week, details of MobiKwik digital wallet app users were reportedly leaked, and data of crores of users were said to be posted in the public domain.