Big Facebook leak spotted
The personal details of over half a billion Facebook users have been leaked online.
Details including phone numbers, email addresses and full names of more than 533 million Facebook users – including Australians – have been exposed.
The data has been published to a hacking forum, and could be used for a variety of crimes, including impersonating people and committing fraud.
Data from the cache has been verified against Facebook's password reset feature and found to be genuine.
Cybersecurity experts say the first signs that such a database may exist came in the form of a post on the hacking forum in January, which advertised an automated bot that could scrape the phone numbers of millions of users.
It now appears that the dataset collected by that bot was published to the forum for free.
It is the latest major security lapse for the social media giant, and could be one of the worst.
It is also embarrassing for Facebook, which announced in 2019 that it had made “large strides on privacy” since the Cambridge Analytica scandal the year before.
Facebook claims that in the most recent hack, data was scraped due to a vulnerability that the company patched in 2019, suggesting the information may be a couple of years old.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” Facebook spokesperson Andy Stone told reporters.
“In 2019, we removed people's ability to directly find others using their phone number across both Facebook and Instagram – a function that could be exploited using sophisticated software code, to imitate Facebook and provide a phone number to find which users it belonged to.”
The affected email addresses have been added to the 'Have I been Pwned' platform, allowing users to see if their details are available.