A user on a hacking forum has posted the phone numbers and personal details of hundreds of millions of Facebook users for free online, Business Insider reported Saturday. The exposed data includes personal information from more than 533 million Facebook users from 106 countries, including more than 32 million user records in the US, 11 million users in the UK, and 6 million users in the UK. India. It includes their phone numbers, Facebook IDs, full names, locations, dates of birth, biographies, and in some cases, email addresses.
Insider reviewed a sample of the leaked data and verified multiple logs by matching the phone numbers of known Facebook users to the IDs listed in the dataset. The business news website also verified the records by testing the email addresses from the dataset in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number. Reuters was unable to immediately examine the information, which is offered for a few euros in digital credit on a site known to low-level hackers, but Alon Gal, chief technology officer at cybercrime intelligence firm Hudson Rock, said that He had verified the authenticity of at least some of the data by comparing it with the phone numbers of people he knew. The leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into providing login credentials, according to Gal, who first discovered the leaked data on Saturday. Facebook FB, + 1.40% did not immediately respond to multiple requests for comment from Business Insider, Axios or Reuters. Gal first discovered the leaked data in January when a user on the same hacking forum announced an automated bot that could provide phone numbers for hundreds of millions of Facebook users in exchange for a price. Motherboard reported the existence of that bot at the time and verified that the data was legitimate. Now the entire dataset has been posted to the hacking forum for free, making it widely available to anyone with basic data knowledge. This is not the first time that a large number of Facebook users’ phone numbers have been exposed online. A vulnerability that was discovered in 2019 allowed millions of phone numbers to be pulled from Facebook’s servers in violation of its terms of service, TechCrunch reported. Facebook said the vulnerability was fixed in August 2019.