The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide have been leaked on a popular hacker forum for free.
The stolen data first surfaced on a hacking community in June 2020 when a member began selling the Facebook data to other members. What made this leak stand out was that it contained member information that can be scraped from public profiles and private mobile numbers associated with the accounts.
The sold data included 533,313,128 Facebook users, with information such as a member’s mobile number, Facebook ID, name, gender, location, relationship status, occupation, and email addresses.
From samples of the Facebook data seen by BleepingComputer, almost every user record contains a mobile phone number, a Facebook ID, a name, and the member’s gender.
Below is a small sample of US records showing the redacted mobile numbers starting with New York’s 917 mobile area code.
According to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, it is believed that threat actors exploited a now-patched vulnerability in Facebook’s “Add Friend” feature that allowed them to gain access to members’ phone numbers.
It is unknown if this alleged vulnerability allowed the threat actor to retrieve all the information in the leaked data or just the phone number, which was then combined with information scraped from public profiles.
After the initial sale of the data, which is believed to be for $30,000, another threat actor created a private Telegram bot that allowed other threat actors to pay to search through the Facebook data.
Facebook data leak released for free
Today, this Facebook data leak has been released for free on the same hacker forum for eight site ‘credits,’ a form of currency on the hacker forum, equal to approximately $2.19.
While data breaches are initially sold in private sales for a high price, it is common for them to be sold for lower and lower prices until they are eventually released for free as a way of earning reputation within the hacker community.
“As is the case every time, people began to sell for cheaper and cheaper until it leaked for free,” Gal told BleepingComputer in a conversation.
The top 20 countries where members were exposed in this leak are listed below:
|Country|Number of users|
Data can be used to conduct attacks
This release has been met with enthusiasm by other threat actors on the hacker forum, as they can use it to conduct attacks on the people listed in the data leak.
For example, threat actors can use email addresses for phishing attacks and mobile numbers for smishing (mobile text phishing) attacks.
Threat actors can also use mobile numbers and leaked information to perform SIM swap attacks to steal multi-factor authentication codes sent via SMS.
It is advised that all Facebook users be wary of strange emails or texts requesting further information or telling you to click on enclosed links.
BleepingComputer has contacted Facebook about the data leak but has not received a response at this time.