More than 500 million Facebook user’s data has been stolen

The internet has been on fire since Saturday as 533 million Facebook user accounts had been compromised, according to news reports.

A user on a low-level hacking forum published the lists of hacked Facebook accounts including their phone numbers and personal data for free online access. About 106 countries were affected, including more than 32 million victims in the U.S., 11 million in the UK, and 6 million in India. The leaked information includes their Facebook IDs, full names, phone numbers. Bios, date of birth, locations, and email addresses.

Business Insider reviewed samples of the leaked data and verified several records matching active Facebook user accounts and phone numbers. Some records were also verified by testing email addresses in Facebook’s password reset feature which partially reveals a user’s phone number.

According to a Facebook spokesperson, the data was scraped due to a vulnerability that the company discovered and patched in 2019.

“This is old data that was previously reported in 2019,” the spokesperson said. “We found and fixed this issue in August 2019.”

Alon Gal, CTO of cybercrime intelligence firm, Hudson rock, who first came across the leaked data online said a couple of years old leaked Facebook data could provide cybercriminals with valuable information needed to impersonate people or scam them into handing over personal login credentials.

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering of attacks [or] hacking attempts,” Gal told Insider.

Gal said he first discovered the leaked data in January when a user in the same low-level hacking forum advertised an offer to provide access to hundreds of millions of Facebook user details via an automated bot, in exchange for a price. Motherboard reported on the bot’s existence at the time and confirmed that the data was legitimate. It is the same data that was posted on the hacking forum for free, available to anyone with the right skills.

He added that there’s nothing much Facebook can do to help affected users as their details are already available on hacking sites and forums. The best Facebook can do is to notify affected users and ensure that they remain alert for possible scams or frauds that could arise from using their hacked accounts.

“Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect,” Gal said. “Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”

Facebook is one of the largest companies with the biggest data storage in the world and a major attraction for hackers. The company has been grappling with data security for years and has steadily improved its cybersecurity to ensure that its networks and user data are well-secured. In 2018, the company disabled a Facebook feature that allowed users to search for each other via phone number after the company realized that political firm Cambridge Analytica accessed information of up to 87 million Facebook users without their knowledge.

Information has become gold in global markets as corporations and governments are willing to pay huge amounts for it. Sensitive information such as social security numbers, biodata, credit card details, and intellectual property, among others could be worth millions. Through digital technology, data can be collected from different sources on the internet, and as online activities increase the demand for big data storage increases. The likelihood of confidential data being compromised on a larger scale increases each year.