533 million Facebook users’ phone numbers and personal data have been leaked online
Telegram Bot Sells Facebook Users’ Phone Numbers
Access to a database of Facebook users’ phone numbers is being sold by a user of a hacker forum through the use of a Telegram bot, as per a report by Motherboard.
The starting price is one credit per number, which is the equivalent of $20, with a discount for bulk buying 10,000 credits at $5,000.
On Saturday, April 3rd, a report by Insider announced that over 500 million personal data accounts from Facebook had been exposed online for free in a low-level hacking forum.
A user in a low level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online. 533 Million Facebook User Credentials Leaked
The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.
A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.
Facebook has had other data scandals in the past like the Cambridge Analytica one where some 1.1 million UK-based users had their personal details exposed.
Facebook was also the target of a data breach affecting up to 50 million users in September of 2018.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” she said. However, this doesn’t make the hack any less threatening for most. Here’s what you need to know.
Alon Gal, CTO of Hudson Rock, a cybercrime intelligence firm in Israel first discovered the leak on Saturday and told Insider that even though the data is old, threat actors can still harm people with it via the use of social engineering attacks or hacks.533 Million Facebook User Credentials Leaked
Insider verified a series of records “by matching known Facebook users’ phone numbers with the IDs listed in the data set.” The media outlet also typed in exposed email addresses into Facebook’s password reset feature, which shares part of a user’s phone number to further verify that the data was indeed accurate.