On April 3, 2021, a user in a recreational hacking forum posted files containing the personal data – including phone numbers, names, birth dates, email addresses, and more – of hundreds of millions of Facebook users. Over half a billion users are affected, which is almost one-fifth of the social media platform’s active population.
According to a Facebook spokesperson, the data comes from a leak which was patched over a year and a half ago. Regardless, the exposed information may leave many vulnerable to scams or identity theft.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks [or] hacking attempts,” said Alon Gal in an interview with Business Insider. Gal is the chief technology officer of Hudson Rock, the cybercrime intelligence firm which was monitoring the forum and discovered the immense leak.
The leak and what it contained were known by Facebook as early as January, when another user posted an automated bot that could, for a fee, produce the phone number of many Facebook users. What changed on Saturday is that the entire leaked ‘trough’ of data was put up for free, accessible to anyone.
There is little concrete that Facebook can do at this point to help those affected; the data is out, and according to them, the breach is sealed. But critics point out that Facebook has done little to identify or notify which users have had their personal information exposed.
“Individuals signing up to a reputable company like Facebook are trusting them with their data, and Facebook [is] supposed to treat the data with utmost respect,” said Gal. “Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”
Photo by mundissima / Shutterstock.com