533 million Facebook users’ phone numbers and personal data reported leaked online
Personal information on more than 500 million Facebook users — previously leaked and now made more widely available — was shared online Saturday, according to the news site Insider, worrying experts who said the compromised data could make people more vulnerable to fraud.
Insider said it reviewed a sample of the leaked phone numbers, birth dates, biographical details and more and found that some data matched known Facebook users’ records. The Washington Post has not independently verified the information. Facebook said the leak involved “old” data stemming from a problem resolved in 2019, but the news still sparked renewed scrutiny of a social media giant previously dogged by high-profile concerns about data privacy.
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,” tweeted Alon Gal, the co-founder of an Israeli cybercrime intelligence company called Hudson Rock, who flagged the release of the Facebook data Saturday. Social engineering involves getting access to people’s confidential information by gaining their trust rather than overcoming technical barriers — for example, by impersonating a tech support person.
“I have yet to see Facebook acknowledging this absolute negligence of your data,” Gal tweeted. Gal said the compromised data also included Facebook IDs, full names, locations, some email addresses, relationship statuses and other details.
Facebook did not immediately respond to questions Saturday evening, but company spokeswoman Liz Bourgeois tweeted Saturday that the leak detailed by Insider involved “old data that was previously reported on in 2019.”
“We found and fixed this issue in August 2019,” Bourgeois wrote.
Insider said a Facebook spokesperson told the news organization that the data was scraped through a now-fixed vulnerability.
The breach affected more than 533 million users spanning 106 countries, according to Insider, and includes more than 32 million records for users in the United States. (Washington Post)