According to a security analyst, the sensitive information of over 500 million Facebook users has been leaked for free on a popular hacking forum a couple of hours ago.
This has also been viewed as a potential risk to millions of crypto traders and investors, who could be exposed to SIM swapping and other identity-related attacks.
The information was first discovered by Alon Gal, CTO of the security firm Hudson Rock, who shared it with his followers in a thread of tweets some hours ago.
Alon Gal tweeted, “All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data.”
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Going by Gal’s account, the leak is related to a security vulnerability first discovered in 2019. In January 2021, it was revealed that hackers were able to use the information to access users’ phone numbers.
Regarding the recent security breach, Gal stated that the details of Facebook users leaked to the public for free include:
“Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.”
Gal also added that the information could now enable hackers and scammers to deploy a variety of social manipulation exploits and other nefarious tactics:
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.”
Cryptocurrency users are at particular risk of such attacks. Earlier this year, a victim of a SIM-swapping attack sued mobile phone company T-Mobile for $450,000, and in 2018 Kaspersky Labs found that hackers were able to steal 21,000 ETH, currently worth over $43 million, in social engineering attacks over a 12-month period.