Personal data of 500 million Facebook users exposed
The personal data of 533 million Facebook users has been found online for free, with information including phone numbers, locations, birth dates and email addresses exposed.
The data appears to be several years old, but could be used to commit fraud and impersonate people, according to security experts.
The data leak affects users from 106 counties, with more than 32 million US users, 11 million in the UK and 6 million in India, Business Insider first reported.
There are 7 million Australian users affected, according to a list released by Alon Gal, chief technology officer at cybercrime intelligence company Hudson Crime, who discovered the leak.
Facebook said the vulnerability that allowed hackers to scrape the data was fixed in 2019.
"This is old data that was previously reported on in 2019," Facebook said in a statement. "We found and fixed this issue in August 2019."
It comes as Facebook continues to struggle with its data security problem. Facebook in 2018 was forced to disable a feature allowing users to search for others via phone number after it was found that data firm Cambridge Analytica had used it to find information on 87 million users without their consent.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Gal said databases of that size can be used by “bad actors” to perform social engineering, or attempt to hack users.
The dataset is now on a hacking forum which can be accessed by anyone with basic data skills.
“I can sense people are fed up with their private information being mismanaged, you are absolutely right to feel so,” Gal said on Twitter.
“Facebook needs to acknowledge this breach and not with just a "we value your information" statement.”
He said that while Facebook can’t do much to recover the leaked data, it can tell users to be on guard against potential fraud or hacking attempts.