The details of more than 533 million Facebook account holders from 106 countries have been made public on a cybercriminal forum.
Reports suggest this data is not new. It was scraped in 2019 when an attacker exploited a vulnerability on the Facebook site to match random phone numbers with Facebook profiles. They detected this activity and blocked the attacker’s access.
The leaked personal information includes phone numbers, Facebook IDs, full names, location data, gender, birthdates, account creation dates, relationship status, and employer’s among other profile information. In some cases, the user’s email address was also shared.
Even though the leaked data is a couple of years old, it could provide valuable information to cybercriminals, said Alon Gal, CTO of cybercrime intelligence firm Hudson Rock who first discovered the leaked data online on Saturday.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks or hacking attempts”