A user of one of the hacker forums published the phone numbers and personal data of hundreds of millions of Facebook users for free. The freely redistributable database includes the personal information of more than 533 million Facebook users. These include phone numbers, IDs, full names, locations, dates of birth, and sometimes email addresses. Previously, user numbers from this database were sold through a bot.
The database contains data from 106 countries; including 32 million from the United States, 11 million from the UK and 6 million from India. Business Insider verified the correctness of several verified entries by matching the phone numbers of famous Facebook users with identifiers from the database. Reporters also verified that the email addresses used to reset Facebook’s password were correct; this functionality can also be used to partially reveal a user’s phone number.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
The leak provides cybercriminals with valuable information that can be used to impersonate another person or fraudulently obtain user credentials. Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who discovered the leak, said: “A database of this size, containing personal information such as the phone numbers of many Facebook users, will certainly lead attackers to use that data to carry out attacks related to social engineering, or hacking attempts”.
Alon Gal first discovered the data breach in January; when a user on a hacker forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users for a price. Some sources reported the existence of this bot and confirmed that the data it gave out was true.
Now the entire dataset has been posted on the hacker forum for free; making it available to anyone with basic data skills. This is not the first time that a huge number of Facebook user phone numbers have been found on the web.
There is little Facebook can do to help users affected by the breach; as the data is already available for the public.
“Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect,” Gal said. “Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”