Personal data of nearly 533 million (53.3 crore) Facebook users, including 61 lakh Indians, remerged online after a hacker posted the details on a digital forum.
The leaked data includes Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and other details. The easy availability of such data may make users more vulnerable to cybercrime, although Facebook has said that this is "old data".
"All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked," tweeted Alon Gal, CTO of security firm Hudson Rock.
"I have yet to see Facebook acknowledging this absolute negligence of your data," he added. Facebook has confirmed the leak to The Record. "This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019," a Facebook spokesperson was quoted as saying in the report late Saturday.
With the data now entering the public domain, there is a real danger that this information can be widely used by cybercriminals for email or SMS spam, robocalls, extortion attempts, threats and harassment, etc. The data is reportedly broken up into download packages by country.
As Cambridge Analytics still haunts nearly 87 million users, including over 5 lakh users from India, this has come as the biggest ever leak of a social media platform that has billions of users. In January this year, reports first surfaced that the phone numbers of 533 million users were currently being sold via a bot on encrypted messaging platform Telegram, which came from a Facebook vulnerability that was patched by the social network in 2019.
According to a report in Motherboard, the person selling the database full of Facebook users' phone numbers ($20 per number) lets customers lookup those numbers by using an automated Telegram bot. Gal had then said: "It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing (the fraudulent practice of sending text messages) and other fraudulent activities by bad actors."
However, this time, the Facebook data leak has been published with more details. In December last year, reports surfaced that a bug exposed the personal information like email addresses and birthdays of Facebook-owned Instagram users.
Saugat Pokharel, an experienced bug hunter from Nepal, discovered it. The attack used Facebook's Business Suite tool, available to any Facebook business account, reported The Verge. According to a Facebook spokesperson, the bug was only accessible for a short period of time during a small test.