The personal data of more than half a billion Facebook Inc. users reemerged online for free on Saturday, a reminder of the company’s ability to collect mountains of information and its struggles to protect these sensitive assets.
The leak includes personal information on 533 million Facebook users, such as phone numbers, Facebook IDs, full names, locations, birth dates, bios and in some cases email addresses, Business Insider reported.
“This is old data that was previously reported on in 2019,” a Facebook spokesperson wrote in an email statement. “We found and fixed this issue in August 2019.”
At the time, the company addressed a flaw in its technology that allowed the information to leak out. However, once such data escapes from Facebook’s network, the company has limited power to stop it from spreading online.
Alon Gal, chief technology officer of cybercrime intelligence firm Hudson Rock, discovered the data again on Saturday.
All 533,000,000 Facebook records were just leaked for free.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
Databases, especially if they are large or rare, aren’t often shared widely right away because “the people who hold it will attempt to monetize it for as long as they can,” Gal said in a message on Twitter. “The process sometimes takes years, sometimes days, but eventually all private databases leak if they were sold around.”
Data leaks threaten to undermine Facebook’s business model of gathering a large amount of personal information and using that to sell targeted ads.
The information is available for free on a hacking forum, making it widely accessible to anyone with rudimentary data skills, Business Insider said. The publication verified several records by matching known Facebook users’ phone numbers with the IDs listed, and confirmed other records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.
(Updates with comment from cyber intelligence firm that discovered data leak in sixth paragraph.)
Dear Reader,
Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.
As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.
Support quality journalism and subscribe to Business Standard.
Digital Editor
RECOMMENDED FOR YOU