Facebook confirmed on Saturday that old personal data from more than 530 million accounts, obtained illegally in 2019, has reappeared on the Internet in a new leak reported the same day by a specialized security firm.
“This is old data, which was reported in 2019,” according to a company statement picked up by Bloomberg. “We found and fixed this vulnerability in August of that year,” it added.
Hudson Rock, a firm specializing in cybercrime, had reported on Saturday that an alleged user of a hacking forum had leaked data from more than 530 million Facebook accounts, including personal information and phone numbers of their users.
A few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.
This obviously has a huge impact on privacy.
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
The leaked data, which affects users in more than a hundred countries, includes some 32 million user records in the US, more than 10.8 million in Spain, eleven million in the UK and six million in India, with names, phone numbers, Facebook IDs, dates of birth, biographies and, in some cases, email addresses.
The Business Insider website was able to review a sample of the leaked data and verified several records provided under the supervision of Hudson Rock’s chief technology officer and the man responsible for the find, Alon Gal.
“A database of that size containing private information, such as phone numbers for many of Facebook’s users, would certainly lead to bad actors taking advantage of the data for social engineering attacks or hacking attempts,” explained Gal.
Facebook has so far not commented on this finding by Gal, who noted the first leaks in January when a user on the same hacking forum announced an automated program that could provide phone numbers for hundreds of millions of Facebook users in exchange for a price. The website Motherboard reported on the existence of that program at the time and verified that the data was legitimate.
Now, according to Business Insider, the entire dataset has been posted on the hacking forum for free, making it widely available to anyone with rudimentary data skills.