In this day and age, everyone probably has a Facebook account, yes even the children. Look at every block and ask if they have a Facebook account, the answer is more likely “yes”. According to Statista, there are nearly 3 billion active Facebook accounts in the second quarter of 2020, and at least 3.14 billion people were using one of its core products, like WhatsApp and Instagram.
Recently, there was a hacker who posted in an online forum revealing millions of phone numbers and other sensitive personal data from different users for free.
The exposed data came from more than 533 million users around the world spanning in 106 countries, including 32 million personal data taken from the USA, 11 million from the UK and 6 million from India. According to Business Insider, the hacker exposed the users’ phone numbers, email, Facebook IDs, locations, bios, and birth dates.
The news outlet also reviewed a sample of the leaked data and then verified several records “by matching the Facebook users’ phone numbers with their Facebook ID listed in the data set.” Also, they also verified records by testing email addresses from the data-set from Facebook’s password reset feature, that has the potential to reveal a user’s phone number
According to a Facebook spokesperson, this data has been scraped due to a security vulnerability that the company has patched in 2019.
The data they tested is couple of years old, however, even still, this data can be used by cybercriminals to impersonate the person in question and potentially scamming users, including friends and family members.
Hudson Rock, a cybersecurity firm, also has discovered a similar data leak last January, when a user in the same hacking forum advertised an AI that could provide phone numbers from millions of Facebook users for a fee. However, since the data set has been posted on the website for free, anyone with rudimentary skills can use the data.
On Twitter, The Chief Technology Officer of Hudson Rock, Alon Gal, posted this tweet below:
This was not the first time Facebook had this type of vulnerability. In 2019, millions of phone numbers were scraped and leaked online. About the recently stolen data, Gal said there is nothing Facebook could do other than warn its users for phishing and online frauds the next time a similar incident happens.
Individuals signing up to a reputable company like Facebook are trusting them with their data, and Facebook [is] supposed to treat the data with utmost respect,” Gal said. “Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”