Personal details of more than 533 million Facebook users across the world was found exposed on a hacking forum. The data includes personal information of 6 million Indians, according to Business Insider, which first reported the breach. Users from 106 countries, including 32 million in the United States and 11 million users in the United Kingdom have been affected. The leaked data, which was reportedly originally leaked in 2019, includes their phone numbers, names, locations, birthdates, and email addresses.
The data was reportedly scraped two years ago by hackers, allowed by a vulnerability which was patched in 2019, according to a Facebook spokesperson quoted by Business Insider. The data surfaced a couple of months ago in January, when Alon Gal of cybercrime intelligence firm Hudson Rock discovered it on a hacking forum. A user on the forum advertised access to the hundreds of million of users through an automated Telegram bot which allowed for easy querying of the data. Access to this Telegram bot could be bought for a low fee, he found. Now, however, the entire dataset has been leaked for free on the same hacking forum, virtually making it accessible to anyone looking for it.
The dataset includes the phone number of even Mark Zuckerberg, the CEO of Facebook. Other users whose personal details were part of the dataset include Facebook co-founders Chris Hughes and Dustin Moskovitz.
Facebook is not new to data breaches. The most infamous one till date has been the Cambridge Analytica fiasco, wherein personal data of 87 million users was improperly obtained by the data analytics firm. The breach led to the US Federal Trade Commission (FTC) handing Facebook a fine of $5 billion. David Carroll, an academic who famously filed a legal claim against Facebook in relation to the Cambridge Analytica breach, said the latest breach was equivalent to “6 Cambridge Analyticas”.
- How 50 Million Facebook Users Were Profiled And Influenced: A Low Down On Cambridge Analytica [March 2018]