Personal information for over 500 million Facebook users was recently posted online on a hacking forum. According to Business Insider, the data includes phone numbers, Facebook IDs, full names, birthdays, bios, locations, and some email addresses.
The posted data includes users from 106 countries, with the vast majority of records coming from either the US, the UK, or India. Business Insider obtained a sample of the publicly available data and verified its contents by matching known Facebook users’ phone numbers with information in the data set.
A Facebook spokesperson told Insider that the leaked data is the result of a data breach that occurred in 2019. The tech company patched the vulnerability that allowed hackers to scrape the set later that year. Alon Gal, the chief technology officer of the cybercrime intelligence firm Hudson Rock, told Insider that while the data is old, it can still be used by hackers and scammers to trick users into giving up their private information.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks [or] hacking attempts,” Gal told Insider.
The existence of the data has been known since at least January, when Gal and journalists discovered an automated bot that was advertised on the same hacking forum that spat out phone numbers for Facebook users for a price. This isn’t the first time that Facebook user data has been compromised due to questionable practices. Back in the early 2010’s, the data firm Cambridge Analytica harvested the data of 87 million Facebook users in violation of the company’s policies.