The personal data of more than 533 million users from 106 countries has been leaked and published online. That includes Facebook IDs, full names, locations, phone numbers, birthdates, and email addresses of more than 32 million people in the US.
Business Insider reviewed and verified a sample of the leaked records, which Facebook claims were scraped “due to a vulnerability” that was patched in 2019. Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, spotted the disclosure on Saturday, explaining, “A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts.”
The information, already a couple of years old, may still provide valuable insight to criminals trying to impersonate or scam people online. Or, even worse, track them down in real life. Gal first discovered the leak in January, when someone selling access to the files advertised an automated bot that dispenses Facebook users’ phone numbers—for a price. Now it’s free for the world to see.
Facebook is no stranger to data leaks: The Cambridge Analytica fiasco affected as many as 87 million people worldwide, and forced the social network to boost its privacy protections. Clearly more needs to be done, considering there are now more than 533 million people whose private information is floating around the web. You can visit Have I Been Pwned to check whether your email or phone number was compromised (in this attack, or any others).
There’s not much Facebook can do in terms of security to help affected users, Gal explained, aside from warning folks to keep an eye out for phishing schemes or fraudulent activity. “Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with the utmost respect,” Gal said in a statement published by Business Insider. “Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”