A massive database containing the personal information of over 500 million Facebook users has been posted on a hacking forum for free, enabling cyber criminals from all over the world to exploit the data to target Internet users worldwide.
The massive database was initially created by hackers who exploited a critical vulnerability in the Facebook application to scrape the personal information of millions of users from all over the world. According to Alon Gal, the co-founder and CTO of Hudson Rock, the database contained information of around 533 million users, including 11.5 million people in the UK and 32 million people located in the United States.
As recently as January this year, operators of the database allowed Telegram users to query the database in exchange for a fee, enabling the latter to view phone numbers associated with millions of Facebook accounts. However, things got much worse recently when a hacker made the entire database available on a Dark Web forum for free, enabling anyone with basic data skills to view the personal information of 533 million Facebook users.
According to Business Insider, personal information of Facebook users stored in the database includes users’ “phone numbers, Facebook IDs, full names, locations, birthdates, bios, and – in some cases – email addresses.” The massive trove of data was exfiltrated by hackers who exploited a vulnerability in the Facebook application to scrape user data.
The vulnerability, according to an Apple spokesperson, was fixed in 2019, indicating the database does not contain the information of users who joined the platform after the fix was introduced. However, it may be fair to assume that a vast majority of the leaked accounts are still in use, and that information such as email addresses and phone numbers is still the same for the affected users.
This isn’t the first time that Facebook, by far the world’s largest social networking platform, has allowed hackers to scrape and exfiltrate the personal data of millions of users. In April last year, a hacker put up over 267 million Facebook records, including users’ profile IDs, names, and phone numbers, for sale on a Dark Web forum.
The publicly accessible and unsecured database was discovered by security researcher Bob Diachenko, who counted over 267 million Facebook IDs, phone numbers, full names, and timestamps, with most of the records associated with American users.
According to Comparitech, which partnered with Diachenko to investigate the unsecured database, cyber criminals could have obtained the information from Facebook’s developer API that gave developers access to profiles, friends list, groups, and photos. Until 2018, developers could also access phone numbers associated with unique Facebook profiles.