If you think Facebook’s troubles are over, 2021 says “hold my beer.” It appears that more than 500 million phone numbers and personal details of Facebook users have been posted for free on a low-level hacking forum. This does not appear to be a new security breach, as the leaked data is actually from two years ago, when there was a vulnerability on Facebook’s servers that was exposed and finally fixed. But someone who had access to that data seems to have decided to go ahead and publish all that personal information for free.
Business Insider shared that someone on a low-level hacking forum posted the personal data of more than 500 million Facebook users for free. This includes phone numbers, full names, locations, dates of birth, Facebook IDs, and even email addresses. They went through some of the leaked data and verified it by matching users’ phone numbers to IDs and testing email addresses in the password reset feature.
According to a Facebook spokesperson, the data comes from a vulnerability in 2019 that they have been able to fix since then. This means that the data that has been leaked is around two years old. Still, it can be used to spoof, scam, and hack into people’s accounts, especially those who haven’t protected their accounts. The nefarious elements can definitely take advantage of this and scam uninformed people into providing more data and even login credentials not only on Facebook but also on other sites.
As early as January, there were already indications that the data can be accessed and published for a price. The reports verified that the data was legitimate. But now, the entire dataset is available for free for anyone to access, even if you only have basic data skills. This means that 530,000,000 accounts from 106 countries are now in danger of being exploited. This isn’t actually the first time this has happened to Facebook, so there really is something wrong with the way data is protected.
Worse still, so far there has been no recognition from the social media giant. And although they may not be able to do anything to stop the leak, since everything seems to be in sight. The least we can do is notify users who may be affected so that they are aware of these possible fraudulent schemes that can be used against them.