On Apr. 3, a user in a low level hacking forum posted the phone numbers and the personal data of 533 million Facebook users for free.

The exposed data includes the personal information of users from 106 countries, including more than 32 million records on users in the United States, 11 million on users in the UK, and 6 million on users in India.

The hacking included Facebook IDs, phone numbers, locations, full names, bios, birthdates, and email addresses.

Facebook users attacked by hacker

Business Insider reviewed a sample of the leaked data and verified the records by matching known Facebook users' phone numbers with the IDs that are listed in the data set.

The publication also verified records by testing the email addresses from the data set in Facebook's password reset feature, which can be used to reveal the phone number of the Facebook user.

A Facebook spokesperson told Business Insider that the data was scraped because of a vulnerability that Facebook patched back in 2019.

Also Read: Facebook's Messenger Call Bug That Lets Hackers Listen to Users Gets Fix Thanks to Google's Project Zero Bug Team!

The fact that the data seems to have been obtained through scraping is bound to shake some nerves at the Facebook headquarters, which has faced outrage over scraping incidents in the past.

According to Gizmodo, the most infamous scraping incident has been the Cambridge Analytica scandal, in which the analytics firm harvested user data of millions of users without their consent and used it to predict and to influence the users at the polls.

The director of strategic response communications at Facebook, Liz Bourgeois, posted on Twitter on Apr. 3 that this is old data that was previously reported on in 2019.

She said that they found and fixed the issue back in August 2019.

Facebook's security

Although it is a couple of years old, the leaked data could give valuable information to cybercriminals who use people's personal information to impersonate them or to scam them into handing over login credentials, as per Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who discovered the whole trough of leaked data online.

Gal told Business Insider that the database of that size containing the private information like phone numbers of a lot of Facebook's users would definitely lead to people taking advantage of the data to perform social engineering attacks or hacking attempts.

Gal first discovered the leaked data back in January when a user in the same hacking forum advertised an automated bot that could give phone numbers Facebook users in exchange for a certain amount of money.

The Motherboard reported on that bot's existence at the time and verified that the data was real. The whole dataset has been posted on the hacking forum for free, making it available to anyone with rudimentary data skills.

Cybersecurity expert stated that there is not much that Facebook can do to help users at this point since the data is already out there besides letting them know that it happened and telling them to be careful of scams.

But there are still some questions that are unanswered.

Will Facebook do more to protect the users? Even if the data is from 2019, it is still dangerous for Facebook users.

Related Article: Hackers Steal 81,000 Facebook Accounts, Selling Them for as Low as 10 Cents Each

This article is owned by Tech Times

Written by Sieeka Khan