In what is likely a gold mine for malicious actors, personal data of approximately 533 million Facebook users worldwide has been leaked for free on a popular cybercrime forum. The data was harvested by hackers in 2019 via a Facebook vulnerability.
The leaked data includes full names, Facebook IDs, cell phone numbers, locations, email addresses, gender, occupation, city, country, marital status, account creation date and other profile details broken down by country, with more than 32 million records on users in the USA, 11 million users in the UK and six million users in India, among others.
In total, the data offered includes user information from 106 countries. In addition, the data seem to have been obtained by exploiting a security hole that enabled automated scripts to read the public profiles of Facebook users and the associated private phone numbers en masse. The vulnerability has now been fixed by Facebook.
“This is old data that was reported back in 2019. We found and fixed this issue in August 2019,” said Liz Bourgeois, Facebook’s director of Strategic Response Communications, in a tweet on Saturday.
Old data or not, the fact that the data was apparently obtained by scraping Facebook profiles further complicates the company’s relationship with privacy, even as it emerged relatively unscathed from the Cambridge Analytica data scandal, in which the UK consulting firm amassed the personal data of millions of Facebook users without their consent for political advertising purposes.
While this data dump appears to have been traded in cybercrime communities since at least last year, a Telegram bot that popped up in early January of this year allowed users to look up a phone number and get the corresponding user’s Facebook ID, or vice versa, for a fee.
But since the data is now publicly available for free, the leak likely allows malicious adversaries to use the information for social engineering, marketing fraud, and other cybercrimes. Users who have shared their phone numbers and email addresses with Facebook and haven’t changed them since 2019 are advised to be wary of possible smishing attacks, spam calls and fraud.
Some parts of this article are sourced from:
thehackernews.com