A huge database that previously circulated privately has now been published on a hacking forum for free, according to Business Insider, which first broke the news. The data dump affects people from 106 countries, including more than 32 million Americans, some 11 million UK citizens and 6 million Indians.
The trove apparently features sensitive information ranging from emails and phone numbers to full names, Facebook IDs and biographies. The outlet verified the authenticity of some of the data by matching phone numbers with the IDs listed in the dataset.
The social media giant, however, believes there is little reason to worry, since the data appears to be at least several years old and part of a previously reported leak. A Facebook spokesperson, Liz Bourgeois, said on Twitter that the vulnerability that allowed the hackers to obtain the data in the first place was successfully “fixed” back in 2019.
Alon Gal, the cyber security expert who discovered the leaked data, believes that the real situation might not be quite as blissful as the tech giant claims. Gal, Chief Technology Officer at the cybercrime intelligence firm Hudson Rock, said that the data could easily be used by malicious actors to impersonate the real owners in various scam schemes.
“A database of that size containing the private information such as phone numbers of a lot of Facebook's users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Gal said.
The cybercrime expert revealed that he first got on the scent of the stolen data back in January, when another person on the hacking forum was offering phone numbers of hundreds of millions of Facebook users for a certain price.
With that data now available “for free,” Facebook should’ve at least informed the affected users about this “old leak,” to raise their awareness about the danger of potential fraud, Gal added. “Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect… Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”
The news might come as little surprise, since the tech giant, whose business is all about collecting vast amounts of personal data for targeted ads, has repeatedly been plagued by similar leak and hacking scandals in the past.
In December 2018, Facebook was forced to “apologize” after a bug in the company’s software provided third-party apps with access to photos of nearly 7 million people. The incident took place just months after hackers accessed the data of 29 million users.
In May 2019, a database containing details and records of more than 49 million people using the Facebook-owned Instagram was leaked by an Indian marketing company, while in September 2019, some 419 million phone numbers linked to Facebook accounts were left exposed on an unprotected server.