The personal data of 533 million Facebook users has now been made publicly available for free online and a spokesman said on Wednesday the company did not notify the affected users and has no current plans to do so.
Over half-billion Facebook user’s personal info now available free online
The personal data of 533 million Facebook users from 106 countries, originally leaked in 2019 and sold online, has now been made publicly available for free in a public database, and according to a report by Reuters, a spokesperson for Facebook Inc said the company has not notified the affected users and does not currently have plans to do so as of Wednesday.
According to the Facebook spokesman, the company said it was not confident that it had full visibility on which affected users would need to be notified. Further, social media site said it had no plans to notify users after taking into account that users could not fix the issue and that the data was publicly available, that the company plugged the leak in 2019, and considering that the scraped data did not include any financial information, health information or passwords.
Still, the information that is in the collated data, which is now freely available to the public, of which originally came from Facebook, could provide valuable information for abuses in the hands of bad actors.
What personal info was leaked?
The information that can be gathered from the publicly available exposed data includes full names, phone numbers, locations, birth dates, bios, Facebook IDs, and in some cases–email addresses, Business Insider reported.
The leaked information being made freely available was first discovered in flagged by Alon Gal, CTO of Israeli-based cybercrime intelligence firm Hudson Rock, who initially reported the scope of the leak, as well as the information taken and potential risks.
Gal tweeted: “All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data.”
“Details include: Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.”
Victims could become targets of scams, social engineering
According to Business Insider, Gal said, “While a couple of years old, the leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials.”
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,” Gal tweeted.
“Social engineering involves getting access to people’s confidential information by gaining their trust rather than overcoming technical barriers, for example, by impersonating a tech support person,” the Washington Post reported.
Facebook says leak was “old data”
A spokesperson for Facebook downplayed the wide dissemination of the data to the public for free calling it “old data.”
“This is old data that was previously reported on in 2019,” wrote spokesperson Liz Bourgeois, from Facebook’s Communications department. “We found and fixed this issue in August 2019.”
Facebook is referring to a vulnerability that allowed the information to be scraped from a database, the social media company fixed in 2019.
However, these comments by the Facebook spokesperson ignores a simple fact: Whether the company has fixed the leak and whether the data itself is old or not, some things never change – like the name of the affected user, for example. Further, meaning people may have not changed their phone numbers, email addresses, location or information in their personal bios. If none of these things have changed, then it doesn’t matter how old the data itself is, if it is accurate, the user is now vulnerable to hackers and other bad actors.
Facebook has history of breaches, landmark settlement with FTC in 2019
Facebook has had a history of data breaches. Mark Zuckerberg took out a full-page advertisement in the New York Times in March 2018 about another data breach that occurred. One of the most notable was the incident involving political firm Cambridge Analytica which accessed information of up to 87 million Facebook users without their knowledge or consent, Wish TV reported.
The U.S. Federal Trade Commission reached a landmark settlement with Facebook in 2019 after its investigation into allegations the company misused user data.
