In yet another cyberattack exposing critical data of over 61 lakh Indians, a hacker has posted the phone numbers and sensitive account details of nearly 533 million Facebook users, which is about a fifth of the social networking platform’s entire user base. According to reports, the critical data of over 61 lakh Indian users has been dumped on a public cybercrime forum.
The leaked data includes Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and other details.
“All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked,” Alon Gal, CTO of security firm Hudson Rock tweeted.
“I have yet to see Facebook acknowledging this absolute negligence of your data,” Rock said in a tweet. Facebook has also confirmed the leak to The Record.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” a Facebook spokesperson was quoted as saying in the report late on Saturday.
Cybersecurity experts believe that with the new data entering the public domain, there is a real danger that this information can be used by cybercriminals for email or SMS spam, robocalls, extortion attempts, threats and harassment.
Earlier in January, reports of such leaks first surfaced claiming that the phone numbers of 533 million users were currently being sold via a bot on encrypted messaging platform Telegram, which came from a Facebook vulnerability that was patched by the social network in 2019.
According to a report in Motherboard, the person selling the database full of Facebook users’ phone numbers ($20 per number) lets customers look up those numbers by using an automated Telegram bot.
Gal earlier said, “It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing (the fraudulent practice of sending text messages) and other fraudulent activities by bad actors.”
In December last year, reports surfaced that a bug exposed the personal information like email addresses and birthdays of Facebook-owned Instagram users.