Personal data of 533m Facebook users leaked for free on the Dark Web

Personal data of 533m Facebook users leaked for free on the Dark Web

Personal data of 533m Facebook users leaked for free on the Dark Web

A massive database containing the personal information of over 500 million Facebook users has been posted on a hacking forum for free, enabling cyber criminals from all over the world to exploit the data to target Internet users worldwide.

The massive database was initially created by hackers who exploited a critical vulnerability in the Facebook application to scrape the personal information of millions of users from all over the world. According to Alon Gal, the co-founder and CTO of Hudson Rock, the database contained information of around 533 million users, including 11.5 million people in the UK and 32 million people located in the United States.

As recently as in January this year, operators of the database allowed Telegram users to query the database in exchange for a fee, enabling the latter to view phone numbers associated with millions of Facebook accounts. However, things got much worse recently when a hacker made the entire database available on a Dark Web forum for free, enabling anyone with basic data skills to view the personal information of 533 million Facebook users.

According to Business Insider, personal information of Facebook users stored in the database includes users' "phone numbers, Facebook IDs, full names, locations, birthdates, bios, and - in some cases - email addresses." The massive trove of data was exfiltrated by hackers who exploited a vulnerability in the Facebook application to scrape user data.

The vulnerability, according to an Apple spokesperson, was fixed in 2019, indicating the database does not contain the information of users who joined the platform after the fix was introduced. However, it may be fair to assume that a vast majority of the leaked accounts are still in use, and information such as email addresses and phone numbers are still the same for the affected users.

This isn't the first time that Facebook, by far the world's largest social networking platform, has allowed hackers to scrape and exfiltrate the personal data of millions of users. In April last year, a hacker put up over 267 million Facebook records, including users’ profile IDs, names, and phone numbers, for sale on a Dark Web forum.

The publicly accessible and unsecured database was discovered by security researcher Bob Diachenko who counted over 267 million Facebook IDs, phone numbers, full names, and timestamps, with most of the records associated with American users.

According to Comparitech who partnered with Diachenko to investigate the unsecured database, cyber criminals could have obtained the information from Facebook’s developer API that gave developers access to profiles, friends list, groups, and photos. Until 2018, developers could also access phone numbers associated with unique Facebook profiles.

Copyright Lyonsdown Limited 2021

Top Articles

Software security is everyone’s responsibility

The burden of software security often falls solely on security teams, but to be successful, organisations need to make security a team effort

Clubhouse data leak: Data of 1.3m users dumped on a hacker forum

An SQL database containing records of 1.3 million Clubhouse users has been leaked for free on a popular hacker forum.

Iran terms Israeli cyber attack on nuke facility as "nuclear terrorism"

A rumoured cyber attack carried out by Mossad, Israel's official spy agency, destroyed legacy IR-1 centrifuges at Iran's underground nuclear facility located in Natanz.

Related Articles