The data of up to 533 million Facebook users has appeared for free online in a low-level hacking forum.
Originally reported by Business Insider, the hacked data had the phone numbers, Facebook IDs, locations, birth dates, full names and even email addresses of Facebook users. The leak contains the details of users from 106 different countries, including the UK, US and India.
Twitter user @Underthebreach tweeted the leak yesterday. They stated “if you have a Facebook account, it is extremely likely the phone number used for the account was leaked”.
The leaked data could be used fraudulently, allowing hackers to purchase items online using users’ personal details.
Twitter user @Underthebreach, who also goes by Gal, discovered the leak in January. A user on an online hacking forum advertised an automated bot that provided phone numbers for Facebook users in exchange for currency.
The entire dataset from that hack is now online and available for free to any one who has the ability to process it.
Worryingly, the exploit was found early last year. Hackers had access to phone numbers linked to every account that had been exploited.
Facebook acknowledged the exploit at the time, but unfortunately, once something is on the internet it is out there for everyone to see.
This isn’t the first time Facebook has been under fire for how it handles data. The Cambridge Analytica scandal saw 80 million users’ data scraped in violation of Facebook’s terms of service. Voters in the 2016 American election were targeted using the leaked data.
The same exploit was used in the Brexit referendum. Political influencers utilised leaked date to send out targeted ads filled with misinformation.
Facebook has not publically commented on the data breach.