Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Personal data for 533 million Facebook users leaks on the web

mood

By mood
in Security & Privacy News

Recommended Posts

mood

mood

Posted
Posted

Personal data for 533 million Facebook users leaks on the web

It had been circulating privately since January.

 

a70d0a60-94a0-11eb-b7ce-5b849fc4ade7.cf.

Tim Bennett on Unsplash

 

Hackers were reportedly sharing a massive amount of personal Facebook data in January, and now that data appears to have escaped into the wild. According to Business Insider, security researcher Alon Gal has discovered that a user on a hacking forum has made the entire dataset public, exposing details for about 533 million Facebook members. The data includes phone numbers, birth dates, email addresses and locations, among other revealing info.

About 32 million of the users are in the US, while 11 million are from the UK and another 6 million come from India.

 

Gal first spotted the data in January, when Telegram users could pay to search the database. The intruders reportedly took advantage of a flaw that Facebook fixed in August 2019 and reportedly includes information from before that fix. You might not be in trouble if you're a relative newcomer or have changed key details in the time since the fix, but the breach still leaves many people vulnerable.

 

We've asked Facebook for comment.

 

As Gal noted, Facebook can only do so much when the data is already in circulation and the related flaw is no longer an issue. The social network could notify affected users, though, and there's pressure on the company to alert affected users so they can watch for possible spam calls and fraud.

 

All 533,000,000 Facebook records were just leaked for free.

This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.

 

I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8

— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021

 

 

Source: Personal data for 533 million Facebook users leaks on the web

Link to comment
Share on other sites
  • Replies 2
  • Views 386
  • Created
  • Last Reply
mood

mood

Posted
  • Author
Posted

Have I Been Pwned adds search for leaked Facebook phone numbers

 

facebook-mobile-header.jpg

 

Facebook users can now use the Have I Been Pwned data breach notification site to check if their phone number was exposed in the social site's recent data leak.

 

Last weekend, a threat actor released a data leak containing information for 533 million Facebook users. This information includes phone numbers and Facebook IDs for almost all exposed accounts and other optional information such as a member's name, gender, relationship status, location, occupation, date of birth, and email address.

 

This data was initially collected in 2019 and sold privately at the time. Over time, the data was traded and sold between different threat actors for lower and lower prices until it was eventually released for free on the hacker forum this weekend.

 

initial-sale.jpg

Facebook data leak released on a hacking forum

 

When it was released, the data was added to the Have I Been Pwned data breach notification service so that users can look up whether their emails were in the Facebook data leak.

 

However, this leak's main component is a Facebook user's phone number, rather than an email address, and thus Have I Been Pwned could not accurately alert a user if they were exposed in the breach.

"There's over 500M phone numbers but only a few million email addresses so >99% of people were getting a "miss" when they should have gotten a "hit"," Have I Been Pwned creator Troy Hunt explained in a blog post.

 

To more accurately alert users, Hunt has updated Have I Been Pwned so that users can now search for their phone numbers on the site to determine if the leak exposed their Facebook info.

 

When searching for phone numbers, users must include their country code as that is how the data leak stored the number.

 

For example, in the sample of exposed New York users below, the phone numbers start with the country code of 1, followed by the person's full number. 

 

phone-numbers.jpg

Sample of leaked Facebook users from New York

 

For example, if you wanted to check if your phone number was part of the Facebook data leak, you would need to use a search in the format '19175555555.' If you are in the UK, you would need to include your country code as well, so a searchable phone number format would be '+442071838750.'

 

Hunt states that the + symbol is optional and will be stripped when searching, as shown below.

 

phone-number-search.jpg

Searching Have I Been Pwned with a phone number

 

With this new feature added, Have I Been Pwned has become a valuable tool for Facebook members to determine if the data leak exposed their data.

 

Unfortunately, when data leaks such as this one are released, it is common for other threat actors to use this information in their own attacks.

 

If your data was exposed, you should be on the lookout for Facebook phishing emails or smishing (phishing texts) attacks that attempt to harvest more information from you.

 

 

Source: Have I Been Pwned adds search for leaked Facebook phone numbers

Link to comment
Share on other sites
starsfighter

starsfighter

Posted
Posted

PWned:tooth: i hear the voice of my fav game "No System is $afe" XD

great covering mood :king:

37 minutes ago, mood said:

When searching for phone numbers, users must include their country code as that is how the data leak stored the number.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...