On Saturday, the personal details of over half a billion Facebook Inc. users resurfaced online for free, highlighting the company’s ability to gather mountains of data and its struggles to secure these confidential assets.
According to Business Insider, the leak contains sensitive details on 533 million Facebook users, including phone numbers, Facebook IDs, full names, places, birth dates, bios, and, in some cases, email addresses.
In an email statement, a Facebook spokesperson said, “This is old data that was previously reported on in 2019.” “In August of this year, we discovered and resolved this issue.”
According to Alon Gal,
A few days ago a user created a Telegram bot allowing users to query the database for a low fee.
Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.
This obviously has a huge impact on privacy. pic.twitter.com/lM1omndDET
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
The company fixed a flaw in its systems that caused the information to leak out at the time. Once such knowledge leaves Facebook’s network, however, the company has no ability to prevent it from spreading online.
On Saturday, Alon Gal, the chief technology officer of cybercrime intelligence firm Hudson Rock, rediscovered the data.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Databases aren’t usually circulated widely right away, particularly if they’re big or uncommon, since “the people who possess them will attempt to monetize them for as long as they can,” Gal said in a Twitter message. “The phase can take years or days, but if private databases are sold around, they will inevitably leak.”
Facebook’s business model of collecting a vast amount of personal data and using it to sell targeted advertising is under pressure due to data leaks.
According to Business Insider, the information is available for free on a hacking website, rendering it easily open to everyone with rudimentary data skills. Several records were checked by comparing known Facebook users’ phone numbers to the IDs specified, and others were confirmed by checking email addresses from the data set in Facebook’s password reset function, which can be used to expose a user’s phone number in part.