Mobile phone numbers and personal data of 533 million Facebook users were posted publicly on the Internet over the Easter weekend. Those affected come from 106 countries. 32 million of them come from the USA alone, 11 million from Great Britain and 6 million from India. It is not currently known how many continental Europeans, including Germans, are among them. In addition to mobile phone numbers, the data also included Facebook IDs, full names, birthdays, locations, profile descriptions and, in some cases, email addresses.
Facebook founder and CEO Mark Zuckerberg himself is said to be affected by the leak. Cyber researcher Dave Walker also claimed the same thing in a gleeful tweet after several media outlets reported it. Facebook itself did not want to comment on this fact to NewsABC.net.
The leaked data has been verified
NewsABC.net used a few random samples to verify that the published data was actually user profile information. For example, we matched cell phone numbers. The “forgot password” function of the social network was also helpful in verifying the data. If you enter the correct email address, part of the stored mobile phone number is revealed. A company spokesman said the data leaked to the public through a data leak that closed in 2019.
There were already signs in January
“Even though it is a few years old, the information could still be very useful to cyber criminals. You could use them to pretend to be the data subjects online or to induce them to give up their login details, ”says Alon Gal, technical director of the cybersecurity company Hudson Rock. The latter had discovered the full extent of the leaked data on Saturday. “Such a large database filled with private information from Facebook users would definitely lead to shady characters using the data it contains to carry out social engineering attacks or hacking attempts,” affirmed Gal.
Gal had already discovered part of the leaked data in January when a member of the same hacker forum advertised an automated bot there. This should be able to get the phone numbers of hundreds of millions of Facebook users for a certain price. The tech magazine Motherboard reported on the bot and verified data. Now the complete data set has been published free of charge in the forum and can thus be misused by almost anyone. Allegedly, you only need rudimentary IT skills for this.
Data abuse is not uncommon
According to the company, this gateway was closed in August 2019. Facebook had already promised some time ago to stop the massive collection of user data. The network came under pressure after Cambridge Analytics targeted potential voters with canvassing ahead of the 2016 US presidential election.
Alon Gal says Facebook can hardly help the victims of the recent leak. After all, their data has long since landed in the public domain. In his opinion, however, the network could notify those affected in order to alert them to phishing or other scams. “People who register with a reputable company like Facebook entrust their data to them. Facebook is committed to treating your data with the utmost respect. The fact that the user data was published is a huge breach of trust and should be treated accordingly, ”the security expert points out.