The personal details of more than 553 million Facebook users have been published on a website for hackers, according to multiple reports over the weekend.
The details appeared on Saturday, according to Business Insider, and are also available in 106 different country-based packages, included 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India.
In a statement, Facebook said the data was from a breach of its servers that had occurred in 2019 and it had since plugged the security hole that allowed it to take place.
"This is old data that was previously reported on in 2019," a Facebook spokesperson said. "We found and fixed this issue in August 2019."
While the information appears to be old, the details in the shared database include phone numbers, Facebook IDs, names, locations, birthdates and email addresses, all of which could be used in social engineering attacks or hacking attempts.
In a tweet, cyber researcher Dave Walker said Facebook CEO Mark Zuckerberg was among the millions of users who had had their personal data posted on the forum.
The information was first discovered by Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who called the leak "a huge breach of trust" by Facebook that "should be handled accordingly," but he added that there was little that the social network could do beyond warning people to stay on the lookout for phishing scams.
In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries. It was severely under-reported and today the database became much more worrisome 1/2 pic.twitter.com/ryQ5HuF1Cm — Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
Concerned users are encouraged to check if their email address has been leaked in data breaches using the Have I Been Pwned website. Troy Hunt, the founder of the website, is also considering adding the leaked phone numbers to its search database.
But for spam based on using phone number alone, it's gold. Not just SMS, there are heaps of services that just require a phone number these days and now there's hundreds of millions of them conveniently categorised by country with nice mail merge fields like name and gender. — Troy Hunt (@troyhunt) April 3, 2021
This isn't the first time that hackers have targeted Facebook for its vast trove of user date. In 2018, a security breach allowed hackers to steal data on 29 million users, including details on everything from username and relationship status, to religion, birthdate, and home town.
