The personal data of more than half a billion Facebook users leaked online on Saturday, made available free of charge in a hacking forum. The breach, first discovered by cybercrime intelligence company Hudson Rock, includes full names, Facebook IDs, phone numbers, locations, dates of birth, biographies, and email addresses. The user information of more than 533 million accounts was included in the leak and confirmed to be authentic by Business Insider.
The vast amount of information appears to have been the result of a security breach that allowed user information, including phone numbers, to be extracted from Facebook’s vast database of personally identifiable information. The original breach, believed to be the source of the data in this leak, was first reported in September 2019. Facebook claims to have identified and fixed the vulnerability in August of the same year. “This is old data that was reported back in 2019,” a Facebook spokesman told Bloomberg. This suggests that users who joined Facebook after August 2019 are unlikely to have their data exposed in this leak.
While the data posted on the hacking forum may not be new, it is significant nonetheless. Earlier this year, Motherboard reported that a user of a cybercriminal forum was using the same data set to sell access to phone numbers linked to a person’s Facebook account. The user had even set up an automated system where potential buyers could use the Telegram messaging app to communicate with a bot, enter a person’s name and get their phone number.
At the time, Hudson Rock co-founder and CTO Alon Gal told Motherboard that the database was “very worrying” and warned that “it is seriously damaging our privacy and is certainly being used by bad actors for smishing and other fraudulent activities.” Now that data no longer has even the slight hurdle of a paywall. It’s available to anyone for free. All that is needed to access it is knowing where it’s hosted and some fairly basic knowledge of database navigation. On Twitter, Gal warned that “bad actors will surely use the information for social engineering, fraud, hacking, and marketing.”
Facebook is in a difficult position with this breach, as it is not new and there is little the company can do to combat it. However, it is a reminder of how much data the company has collected about its users and how negligent it has been at times in protecting that information. Facebook cannot currently prevent this data from being passed on and used for nefarious purposes. Information like phone numbers, email addresses, and dates of birth is almost always valuable to malicious actors, no matter how old it is, as these details rarely or never change. That gives value to this breach even though it’s almost two years old.