Data of over 533 million Facebook users across the globe is being sold so cheap that anyone can buy it even without a credit card! It appears that a leaker has published this data that includes the Phone number, Facebook ID, full name, location, past location, birthdate, (sometimes) email address, account creation date, relationship status, and personal bios.
Alon Gal, Co-founder of a security research company Hudson Rock, who was the first to report the leak, has verified the details of some users and they seem to be valid. “If you have a Facebook account, the phone number used for the account was likely leaked,” he said.
He felt that the data could be a couple of years old and could have been extracted using the bug that the social media giant had fixed back in 2019. That being the case, hackers or imposters could still misuse the information for SMS phishing scams, impersonate users or lure them to share the credentials.
All 533,000,000 Facebook records were just leaked for free.This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8April 3, 2021
Gal had spotted this data first in January through an advertisement on a hacking forum where an automated bot was selling numbers of hundreds of millions of Facebook users. It seems the same data is now being made available on public forums and can be bought for virtually nothing.
“Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect. Users having their personal information leaked is a huge breach of trust and should be handled accordingly,” he said.
He has warned users to remain careful of "social engineering attacks" as hackers may try to access Facebook accounts using the information obtained through this fresh dump of data.
This is not the first time Facebook’s user data has made its way to the public. Back in 2019, a vulnerability allowed hackers to mass scrape data from Facebook’s servers. This vulnerability was left unchecked for weeks before being patched and thus private information of the users made its way to the hackers. Before that, Facebook was sued in 2018 after information of over 29 million accounts was left open to hackers.