Leaked data from 533 million Facebook users, including South Africans, has been leaked online. This has been confirmed by Information security experts who believe that the leaked information may be used for cybercrime.
Initial reports of the Facebook hack were also confirmed by Troy Hunt, a web security consultant who created Have I Been Pwned?, a data breach search website that allows non-technical users to see if their personal information has been compromised.
He said “I haven’t seen anything yet to suggest this breach isn’t legit.” In the data, he found only about 2.5 million unique email addresses (which is still a lot!), but apparently, “the greatest impact here is the phone numbers.”
Here’s what that might mean, in Hunt’s words:
“But for spam based on using phone number alone, it's gold. Not just SMS, there are heaps of services that just require a phone number these days and now there's hundreds of millions of them conveniently categorised by country with nice mail merge fields like name and gender.”
Facebook has downplayed the significance of the leak. "This is old data that was previously reported on in 2019," Facebook spokesperson Liz Shepherd said in a tweet. "We found and fixed this issue in August 2019."
Israeli information security and cybercrime expert Alon Gal has expressed scepticism towards Shepherd's explanation of the leak.
All 533,000,000 Facebook records were just leaked for free.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
"Bad actors will certainly use the information for social engineering, scamming, hacking and marketing," Gal tweeted about the breach.
Details include:
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.
Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.
This is not the first time Facebook user data has been leaked on the web.
In December 2019, 267 million Facebook User IDs, phone numbers, and names were left exposed, according to Ukrainian cyber threat researcher Bob Diachenko. He believed the data was harvested by cybercriminals.
In 2018, it was revealed that British political consulting firm Cambridge Analytica collected the personal data of millions of Facebook users. In July 2019, Facebook was fined $5 billion (€4.2 billion) by the US Federal Trade Commission (FTC) for data privacy violations.