Facebook is definitely the “can’t get right” of social media platforms.
According to security researcher Alon Gal, the personal data of 533 million Facebook accounts leaked online for free99. Insider has verified several of the leaked records.
“The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India,” Insider reports. “It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”
The alarming number of leaked accounts isn’t new. Motherboard reported back in January that information from the same dataset could be purchased in portions online through a Telegram bot. Now all of that information is just sitting on the internet for free.
Details include:
Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.
Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Speaking with Insider, Facebook claimed that the user data was stolen due to a vulnerability it fixed back in 2019, the same spiel it told Motherboard in January. “This is old data that was previously reported on in 2019,” Mark Zuckerberg’s company told BleepingComputer. “We found and fixed this issue in August 2019.”
Now, if you’re worried that your account was one of the 533 million caught up in the massive scrape, Troy Hunt has created a free website, Have I Been Pwned, that allows you to check if your email was part of the data breach. Hunt says, “I haven’t seen anything yet to suggest this breach isn’t legit,” and has found about 2.5 million unique email addresses in the data but states “the greatest impact here is the phone numbers.” He explained it all in a series of tweets.
I’ve had a heap of queries about this. I’m looking into it and yes, if it’s legit and suitable for @haveibeenpwned it’ll be searchable there shortly. https://t.co/QPLZdXATpt
— Troy Hunt (@troyhunt) April 3, 2021
Hunt has already loaded the leaked emails to Have I Been Pwned. He is considering whether he should do the same with the phone numbers.
Should the FB phone numbers be searchable in @haveibeenpwned? I’m thinking through the pros and cons in terms of the value it adds to impacted people versus the risk presented if it’s used to help resolve numbers to identities (you’d still need the source data to do that).
— Troy Hunt (@troyhunt) April 4, 2021
Facebook really needs to get it together.