Today Facebook was shaken by the revelation that the personal information of more than 500 million users was leaked to the public. Buried in the reports is the fact that Facebook knew about this leak as early as January of this year, and did nothing to contain it.
Hackers published the personal information, including phone numbers, Facebook IDs, full names, locations, birthdates, bios, and email addresses publicly on a hacker forum earlier today. Shockingly, Facebook – and the wider Internet – was made aware of this breach as early as January of this year, and the big tech platform seemingly did nothing to mitigate the damage.
Business Insider reported that “A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019” and “he leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first discovered the entire trough of leaked data online on Saturday.”
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
The leak was first publicized earlier this year, when a hacker attempted to sell access to the private information on a hacking forum. Motherboard reported that “A user of a low-level cybercriminal forum is selling access to a database of phone numbers belonging to Facebook users, and conveniently letting customers look up those numbers by using an automated Telegram bot.”
Facebook apparently knew about this breach since at least this time, and Facebook has apparently done nothing to mitigate the damage. A cyber security expert acknowledged that the big tech platform would likely not be able to stop the damage, but ” Facebook could notify users so they could remain vigilant for possible phishing schemes or fraud using their personal data.”
Facebook has yet to publicly acknowledge the breach or release of the information on its press release web page. Of their recent releases, two pertain to COVID-19 vaccines, one relates to the Oculus virtual reality system owned by Facebook, and another discusses changes to the platform’s news feed.
