Facebook data on 533 million users dumped on hacking forum

The company says this is old data previously reported in 2019

In a major breach of privacy, personal details of over half a billion Facebook users have been leaked online on a hacking forum.

The exposed data reveals personal details of more than 533 million Facebook users from 106 countries, including over 44 million records on users in Egypt, 39 million in Tunisia, 32 million in the US and 11 million in the UK.

It includes their full names, phone numbers, gender, date of birth, location, relationship status and email address.

A Facebook spokesperson told Business Insider "this is old data that was previously reported on in 2019".

In 2019, the phone numbers of over 419 million Facebook users (initially) were discovered online in an unsecured online database. The database included the real name, country and gender of many users. It was found that the hackers were able to steal users' data by exploiting a Facebook vulnerability, which enabled anyone to discover the phone number linked with a Facebook ID or vice-versa. The issued was fixed by Facebook in 2019.

Earlier this year, Alon Gal, co-founder of cybersecurity firm Hudson Rock, claimed that a hacker was using a Telegram bot to sell Facebook users' phone numbers, or the Facebook IDs linked with a known phone number. The bot allowed users to query the database for a fee of $20, enabling them to find the phone numbers linked to a very large portion of Facebook accounts.

On Saturday, Gal disclosed that the entire dataset is now available for free on a hacking forum, making it widely accessible to anyone with basic data skills.

While data breaches are initially sold for a high price in private sales, they are later commonly sold for less before being released for free by hackers as a way of earning reputation within the hacker community.

https://twitter.com/UnderTheBreach/status/1378314424239460352?ref\\_src=twsrc%5Etfw

Business Insider said that it verified several records by matching phone numbers of known Facebook users with the IDs listed. Some records were confirmed by testing email addresses from the data set in Facebook's password reset feature.

Troy Hunt, CEO of haveibeenpwned.com, said in a Tweet that Facebook users will soon be able to check whether their details were included in the leak.

https://twitter.com/troyhunt/status/1379244231059927042?ref\\_src=twsrc%5Etfw

This is not the first time that personal details of Facebook users' have been leaked online.

In 2013, Facebook admitted that it had exposed six million users' private phone numbers and email addresses to unauthorised viewers. The company said that a technical bug was to blame for the data breach.

In 2012, Facebook disclosed a breach that saw hackers exploiting a bug in Facebook's code that impacted 'View As', a feature that enables people see what their own profile looks like to someone else.

This enabled the attackers to access users' authentication tokens and steal personal details of hundreds of thousands of users.