An old hack of Facebook
"This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019" a Facebook spokesperson said on Saturday, when the leak was first reported on by Business Insider. "In 2019, we removed people's ability to directly find others using their phone number across both Facebook and Instagram - a function that could be exploited using sophisticated software code, to imitate Facebook and provide a phone number to find which users it belonged to," Business Insider reports.
The company did not inform users of the breach at the time, and has since fixed the issue. Unfortunately for Facebook, whose reputation is already ailing due to previous breaches and the company's data harvesting practices, the data was already out and in the hands of hackers. According to security experts, the data was first discovered back in January when it began to circulate hacking groups around the web.
The data is now available for free on an undisclosed hacking forum, free to access and easily approachable for anyone with basic skills. The sheer scale of the leak has since been confirmed multiple times by journalists and other experts, who have found their own data, and the data of people they're familiar with, on the database. Experts are now warning both Facebook and users to be aware of potential "social engineering" attacks, better known as phishing--the practice of manipulating users into divulging privileged information using private information to trick users into a false sense of security.
"These are the pieces of data cyber criminals spend time searching for to perform social engineering attacks," said Rachel Tobac, CEO of SocialProof Security. "Now they're all in one place and easily accessible in this leak, which makes social engineering quicker and easier."
- https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4
- https://www.cnn.com/2021/04/04/tech/facebook-user-info-leaked/index.html
- https://www.bloomberg.com/news/articles/2021-04-03/facebook-data-on-533-million-users-leaked-business-insider
- https://nypost.com/2021/04/03/mark-zuckerbergs-cellphone-number-goes-online-after-facebook-hack/
- https://www.reuters.com/article/us-facebook-cyber-leak/leaker-says-they-are-offering-private-details-of-500-million-facebook-users-idUSKBN2BQ0J8?il=0