The personal data of approximately 533 million Facebook users have reportedly been leaked and circulating online for free. According to Business Insider, the personal information was initially leaked prior to being made widely available to the public.
In its article, Business Insider said that it reviewed and verified a number of the leaked data records. In a statement, the news site claimed that the personal mobile number of Facebook chief executive officer Mark Zuckerberg was also included in the massive data leak.
Among Zuckerberg’s leaked information online include his names, location, date of birth, marriage details, and Facebook user ID. For other individuals and accounts, the full names, birthdates, bios, locations, email addresses, phone numbers, and Facebook IDs have been compromised.
The Business Insider report cites security researcher Alon Gal, the chief technology officer of Hudson Rock, a cybercrime intelligence company, who first flagged the leaked data on Saturday, April 3, 2021. Gal took to social networking platform Twitter to share his findings and sentiments in a series of tweets.
In a statement via his Twitter account @UnderTheBreach, he said, “I have yet to see Facebook acknowledging this absolute negligence of your data… Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.”
Insider states that the data leak spans 106 countries. Of this number, the data came from “over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India.”
Besides the aforementioned users, other countries that have had the most user data compromised include Egypt, Tunisia, Italy, Saudi Arabia, France, Turkey, Morocco, Colombia, Iraq, Africa, Mexico, Malaysia, Algeria, Spain, Russia, Sudan, Nigeria, and Peru.
Based on the article released by Bleeping Computer and in relation to the data leak, a Facebook representative told the news site that, “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”
Despite this, Bleeping Computer states that this incident still puts a number of users under vulnerability, given that many people utilize the same email addresses and phone numbers for a couple of years.
This incident also opens up account holders to threats, with malicious actors taking advantage of their personal data for scams and other similar attacks. Phishing attacks and smishing for mobile devices have been relatively popular scams, notes Bleeping Computer. SIM card swap attacks have likewise been performed to obtain codes sent through text messages.