The personal information of half a billion Facebook users has been leaked online, according to experts at cyber-intelligence firm Hudson Rock.
The data set, which includes phone numbers, locations, birthdates, Facebook IDs, full names, and email addresses, was discovered on a website used by hackers.
Hudson Rock CTO Alon Gal said the records appear to be a few years old and relate to users in 106 countries. Among the impacted users are over 32 million residing in the United States, 11 million UK residents, and 6 million Facebook users in India.
The Brobdingnagian data leak was first reported by Business Insider on April 3. When questioned by the news source, a Facebook spokesperson linked the incident to a vulnerability that has since been patched.
Speaking to CNN on April 4, Facebook spokesperson Andy Stone said: “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”
Gal said that the age of the data did not preclude it from being effectively exploited by cyber-criminals and identity thieves.
“Bad actors will certainly use the information for social engineering, scamming, hacking, and marketing,” said Gal on Twitter.
Commenting on the data leak, Tim Mackey, a principal security strategist with the Synopsys Cybersecurity Research Center (CyRC), told Infosecurity Magazine: “Attackers define the rules of their attack, and increasingly they are operating just like businesses. But just like any business, there is nothing to say that they too can’t be hacked and their data were stolen.
“When your primary asset is data, that asset is going to be valuable to more than just you. If that data is stolen from one criminal enterprise, that criminal group might not protect their data and it could easily be stolen multiple times.”
After political firm Cambridge Analytica accessed data belonging to as many as 87 million Facebook users without their knowledge or consent, Facebook changed a search feature exploited by the firm.
Stone said: “In 2019, we removed people’s ability to directly find others using their phone number across both Facebook and Instagram—a function that could be exploited using sophisticated software code, to imitate Facebook and provide a phone number to find which users it belonged to.”
