Data of 533 million Facebook users including phone numbers, Facebook IDs, full names, birth dates and other information have been posted online.
The data dump was Tweeted by Alon Gal, CTO of security firm Hudson Rock. Gal posted a list of affected users by country. According to his list, the US had 32.3 million affected users and UK had 11.5 million. The data was accessed via a Telegram bot.
Other data points in the posting included gender, location and job status. Catalin Cimpanu, at The Record, also reported that he reviewed samples of the leaked data and Facebook confirmed.
The data is reportedly broken up into download packages by country.
With the Facebook data out in the public it's safe to expect it to be used for cybercrime.
A few takeaways:
"The data is old" argument doesn't hold up. Facebook said the data was was collected in 2019 and the company plugged the hole in August of that year. How often are phone numbers connected to Facebook changed? Not frequently if at all. Other information that was published includes full names and birth dates. It's unlikely that information changes either. It's also worth noting that two years old is pretty fresh in data time.
Look for the data to be combined with other scams. Daniel Markuson, digital privacy expert at NordVPN, said the personal information remains a goldmine for scammers and can be combined with pandemic related cybercrimes.
This leak is just another reminder to take care of your data hygiene. If you haven't already improved your security posture with better passwords, multi-factor authentication and other tools it's time to get rolling. And maybe you shouldn't readily share your data.
Facebook is likely to face more scrutiny and the timing isn't so great. Yes, this data was poached in 2019, but lawmakers just love questioning Facebook CEO Mark Zuckerberg over data collection. Meanwhile, tech giants are under more scrutiny than ever.