Account info swiped in 2019, sold online, now given away for free
Reams of personal data – including phone numbers, email addresses, and birthdays – obtained from 533 million Facebook accounts was offered to all for free on a cyber-crime forum over the weekend.
The data dump was flagged up by Alon Gal, co-founder and CTO of infosec startup Hudson Rock. The information – which also includes people’s names, marital status, occupation, and location – was siphoned from Facebook in 2019 via a security weakness in the platform. The data was packaged up and sold online to miscreants in June 2020.
Now that same database is up for grabs to anyone who messages a particular Telegram account and asks nicely. The records were pilfered from hundreds of millions of Facebook profiles spread across 104 countries; that includes 32,315,282 accounts in the US, and 11,522,328 in the UK, according to a post on the underground forum viewed by The Register. All of the data amounts to over 70GB. It’s reported the price tag on the database has been falling, and now it’s free of charge.
Facebook is keen to shrug this off. We’re told the data theft was in the news in 2019, and the exploited security hole was closed that same year.
That doesn’t quite change the fact that people’s stolen info has been circulating online for nearly three years, and that even though it all happened in 2019, names, dates of birth, contact details, and other data are unlikely to have changed in that time.
Instead, it’s likely the data is still largely useful for fraudsters to exploit – assuming the vast majority of users put in the correct information on their profiles and not fake info just in case this sort of theft happened.
“This is old data that was previously reported on in 2019,“ a spokesperson for Mark Zuckerberg’s tech giant told us. “We found and fixed this issue in August 2019.”
Meanwhile, Gal told The Register: “Firstly, I’d like Facebook to acknowledge the leak and the importance of it.
“Secondly, they should alert all users that this has happened and have the users be alert to impending social engineering and hacking attacks. Lastly, I think Facebook should rotate Facebook IDs to block bad actors from being able to link phone numbers to Facebook profiles through the leak as can be currently done, this is only a small step but a crucial one.” …
ultrareginarules liked this
radioblueheart reblogged this from merelygifted
merelygifted posted this
