A data breach has seen valuable personal information from 533 million Facebook users leaked online.
An employee at Israeli cyber-intelligence company Hudson Rock claimed that the information contains phone numbers, locations, birthdates, Facebook IDs, full names, and email addresses.
The breach has affected users from around 106 countries, including 11 million in the UK. Amongst those affected was Facebook founder Mark Zuckerberg, whose phone number was leaked.
Given the sheer number of people affected, the data breach could be one of the largest ever recorded.
The hackers exploited a vulnerability that enabled them to see the phone number linked to every Facebook account.
According to Facebook, the vulnerability that allowed the data leak was discovered and patched in August 2019. However, the company failed to warn that the data was circulating.
In January this year, the data, surfaced as a bot on popular messaging service Telegram, allowed people to search the database for a fee. This allowed anyone paying around $20 to find phone numbers connected to Facebook accounts.
Now, all the data is available for free after being published on a hacking forum.
While the data is around a year and a half old now, Hudson Rock CTO Alon Gal warned that hackers will still be able to make use of it despite its age. Many people will still be using email addresses and phone numbers from 2019, thus making the data relevant.
“The leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials,” he Tweeted
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.”
- Leader Insight | Reaching the Powerlist with Sustainably’s Loral Quinn
- EIE21 adds SEP co-founder Stuart Paterson to investor panellist line-up
- Edinburgh Uni spin-out raises £1m for breakthrough ‘liquid biopsy’ tech
For those concerned whether they are among the half a billion people affected by the breach, haveibeenpwned.com offers a service to search known data breaches for user information.
The data breach is currently being reviewed by Ireland’s Data Protection Commission (DPC), where the company’s European operations are based. They aim to verify whether the leaked data is from the 2019 data breach.
The way companies collect data on their users has come under greater scrutiny in the past few years. Facebook has been one of the companies singled out for particular attention due to the far-reaching nature of its data collection.
According to cybersecurity company Clario, Facebook collects the widest range of data on its users, around 70%. They are followed by Instagram, another Facebook company, which collects about 58% of its users’ data.
In gross terms, this amounts to around 3 million GB of data on its 1.3 billion users.