If you think that Facebook’s woes are over, 2021 says “hold my beer”. It looks like more than 500 million phone numbers and personal data of Facebook users have been published for free in a low-level hacking forum. This doesn’t seem to be a new security breach as the leaked data is actually from two years ago when there was a vulnerability on Facebook’s servers that was exposed and then eventually patched. But someone who had access to that data seems to have decided to just go ahead and publish all of that personal information for free.
Business Insider shared that someone in a low-level hacking forum published for free the personal data of more than 500 million Facebook users. This includes phone numbers, full names, locations, birthdates, Facebook IDs, and even email addresses. They reviewed some of the leaked data and verified it by matching users’ phone numbers with the IDs and by testing email addresses in the password reset feature.
According to a Facebook spokesperson, the data comes from a vulnerability back in 2019 that they have since fixed. This means the leaked data is around two years old. Still, it can be used to impersonate and scam people and to hack their accounts, especially those who have not protected their accounts. Nefarious elements can definitely take advantage of this and scam uninformed people into giving up more data and even login credentials, not just on Facebook but on other sites as well.
As early as January, there were already hints that the data could be accessed and released for a price. Reports verified that the data was legitimate. But now, the entire dataset is available for free for anyone to access, even with just basic data skills. This means 530,000,000 accounts from 106 countries are now in danger of being exploited. This is actually not the first time that this has happened to Facebook, so there really is something wrong with how data is protected.
Worse, there has been no acknowledgment from the social media giant so far. And while they may not be able to do anything to stop the leak since everything seems to be out in the open, the least we can do is to notify users who may be affected so they can be vigilant against the possible fraudulent schemes that can be used against them.