Personal data from 533 million Facebook accounts has reportedly leaked online for free, according to security researcher Alon Gal. Insider said it verified several of the leaked records.
“The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India,” according to Insider. “It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”
If that 533 million number sounds familiar to you, that’s because this information is apparently from the same dataset that people could pay to access portions of using a Telegram bot, which Motherboard reported on in January. Now, though, it appears that those who want to get their hands on the data won’t have to pay anything at all.
Facebook told Insider that this data was scraped because of a vulnerability that it fixed in 2019. The company gave a similar answer to Motherboard in January. “This is old data that was previously reported on in 2019,” Facebook told BleepingComputer. “We found and fixed this issue in August 2019.” Facebook has not replied to a request for comment from The Verge.
Troy Hunt, the creator of the Have I Been Pwned database, said on Saturday that “I haven’t seen anything yet to suggest this breach isn’t legit.” In the data, he found only about 2.5 million unique email addresses (which is still a lot!), but apparently, “the greatest impact here is the phone numbers.” Here’s what that might mean, in Hunt’s words:
If you can, I strongly recommend taking a couple minutes to read Hunt’s full Twitter thread about the breach.
Hunt has already loaded the leaked email addresses into Have I Been Pwned, meaning you can check to see if yours was included as part of the dataset. He is still considering whether or not to make the leaked phone numbers available through the service.