On Saturday, the personal data of more than half a billion Facebook users was published for free on a hacking forum.
Speaking to Insider, a spokesperson for Facebook said that the data was scraped by exploiting a vulnerability on their platform that was fixed back in 2019. Insider reviewed and confirmed the validity of several samples found in the leak. This would mean the leaked data is real, if a few years old, but it would still be valuable to hackers and scam artists who use such information for identity theft or impersonation.
Previously, Facebook came under fire after reports that the social media platform had granted Cambridge Analytica special access to private user behavior information. Cambridge Analytica was subsequently shut down after investigations discovered the firm had collaborated with former president Trump to manipulate voter behavior and sentiment via social media.
Alon Gal, the CTO of cybercrime intelligence firm Hudson Rock, discovered the complete list of leaked data. In January, Gal had encountered a user on the same forum advertising a bot selling Facebook user data. On Saturday, the complete dataset was released to those forums for free.
The data leak exposed the private data of 533 million users, including phone numbers, real names, locations, birthdates, addresses, and email addresses. The leak includes personal information of over 32 million users in the US and 11 million users in the UK and, in all, affects Facebook users from over 106 different countries.
Gal calls for more transparency from Facebook regarding leaked private information. While the social media platform is helpless to pull back any information that has leaked out into the wild, Gal says that Facebook should warn its users of potential fraud schemes following a leak.
This isn’t the first time the company has been criticized for negligence in handling and securing its users’ data. Facebook was previously fined $5 billion in 2019 for misleading its users about the way advertisers were accessing and using their data, according to allegations by the FTC.