The personal data of nearly 533 million Facebook users, including 61 lakh Indians, has re-emerged online after a hacker posted the details on a digital forum. The leaked data includes Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and other details. The database was first leaked in 2019, and the information was initially being sold on an instant messaging platform for a fee. Facebook had then said that it had fixed the issue that had caused the leak. But now the personal data has found its way to digital forums according to multiple sources.
The easy availability of such data may make users more vulnerable to cybercrime according to experts. "All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked," tweeted Alon Gal, CTO of security firm Hudson Rock. "I have yet to see Facebook acknowledging this absolute negligence of your data," he added.
Facebook has confirmed the leak to The Record. "This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019," a Facebook spokesperson was quoted as saying in the report late Saturday.
But with the data now entering the public domain, there is a danger that this information can be widely used by cybercriminals for email or SMS spam, robocalls, extortion attempts, threats and harassment, etc. The data is reportedly broken up into download packages by country.
In January this year, reports first surfaced that the phone numbers of 533 million users were being sold via a bot on encrypted messaging platform Telegram, which came from a Facebook vulnerability that was patched by the social network in 2019. According to a report in Motherboard, the person selling the database full of Facebook users' phone numbers ($20 per number) lets customers lookup those numbers by using an automated Telegram bot.
Gal had then said: "It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing (the fraudulent practice of sending text messages) and other fraudulent activities by bad actors."
However, this time, the Facebook data leak has been published with more details.