The personal data of 533 million Facebook users, including 36 million in the U.S., was leaked by a user in a low-level hacking forum on Saturday - including their “phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses,” according to Business Insider.
Alon Gal, the chief technology officer of the cybercrime intelligence firm Hudson Rock, discovered the leak on Saturday, saying that "A database of that size containing the private information such as phone numbers of a lot of Facebook's users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks [or] hacking attempts."
"Individuals signing up to a reputable company like Facebook are trusting them with their data, and Facebook [is] supposed to treat the data with utmost respect," he added. "Users having their personal information leaked is a huge breach of trust and should be handled accordingly."
All 533,000,000 Facebook records were just leaked for free.— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
The data had previously been advertised on the same hacking forum in January, but for a price. Now the data is available for free worldwide.
While users are not in immediate danger of their Facebook accounts being compromised or hacked because passwords were not leaked, it is important that users remain vigilant about phishing schemes or fraud.
This is not the first, and likely not the last time the personal data of Facebook users has been leaked online. In 2019, a “vulnerability” was discovered that allowed millions of phone numbers to be uncovered and leaked. Facebook claimed to have patched said “vulnerability” in August 2019, but according to a Facebook spokesperson, it was abused again to gather the data that was leaked on Saturday.
On Sunday, it was reported that Facebook CEO Mark Zuckerberg's phone number appeared to have been among the leaked data.