A hacker has leaked personal data on an estimated 533 million Facebook users, to include phone numbers and Facebook account details. The data was leaked on a publicly accessible hacking forum.
According to a report by The Record on April 3, the leaked data includes Facebook ID numbers, profile names, email addresses, location information, gender details, job data and other profile information.
After reviewing the samples, The Record reached out for comment to Facebook, who later confirmed the data leak. However, Facebook said the leak took place two years ago and the issue was subsequently fixed in August 2019.
“At the time, an attacker abused a vulnerability in the Facebook contacts importer feature to supply the Facebook platform with a list of phone numbers and get a match for existing profiles, allowing the attacker to link random phone numbers to specific users,” Catalin Cimpanu of The Record wrote.
Moreover, Alon Gal, CTO of security firm Hudson Rock, also sent out a tweet earlier this year warning of hackers using the hacked data as part of a Telegram bot:
Gal posted a new Tweet over the weekend on 4/3 also confirming the leak of 533M records:
There were no new Facebook security updates regarding the leaked data at the time of the report.
Facebook had previously disclosed numerous data loss incidents in the past several years, such as Instagram password leak (2019), 30M Facebook user breach (2018) and exploit of Facebook code that impacted 50M Facebook accounts (2019), just to name a few.
- Facebook says Millions of Instagram passwords stored in clear text
- Facebook provides security update on breach that impacted 30M users
- Attackers exploit Facebook code that impacts 50 million accounts
- Thousands of malicious apps use Facebook APIs
- Stresspaint malware targets Facebook credentials
- Panda malware expands reach