Phone numbers, email addresses and more are included
Personal data from 533 million Facebook accounts were leaked online for free, according to security researcher Alon Gal. Insider said he checked several of the leaked records.
“The data exposed includes personal information from more than 533 million Facebook users from 106 countries, including more than 32 million user records in the US, 11 million users in the UK and 6 million users in India,” according to with Insider. “It includes your phone numbers, Facebook IDs, full names, locations, dates of birth, biographies and – in some cases – email addresses.”
If that 533 million figure may sound familiar to you, it is because that information is apparently from the same data set that people could pay for parts using a Telegram bot, which Motherboard reported in January. Now, however, it seems that those who want to get their hands on the dice won’t have to pay anything.
Facebook told Insider that this data was deleted because of a vulnerability that was fixed in 2019. The company gave a similar response to Motherboard in January. “These are old data that were reported earlier in 2019,” Facebook told BleepingComputer. “We found and fixed this problem in August 2019.” Facebook did not respond to a request for comment from The Verge.
Troy Hunt, the creator of the Have I Been Pwned database, said on Saturday that “I haven’t seen anything yet that suggests this breach is not legitimate.” In the data, he found only about 2.5 million unique email addresses (which is still a lot!), But apparently “the biggest impact here is the phone numbers”. Here’s what it might mean, in Hunt’s words:
If you can, I strongly recommend that you take a few minutes to read Hunt’s full Twitter topic on the breach.
Hunt has already loaded the leaked email addresses in Have I Been Pwned, which means that you can check whether yours has been included as part of the data set. He is still considering whether or not to make the leaked phone numbers available through the service.