Breach Notification , Cybercrime , Fraud Management & Cybercrime

533 Million Facebook Account Records Posted to Forum

Facebook Says Data Comes From Previously Reported 2019 Incident
533 Million Facebook Account Records Posted to Forum

A security researcher has found more than 500 million Facebook records made available for free on the darknet, exposing basic user information, including any phone numbers associated with the accounts.

See Also: OnDemand | Digital Doppelgängers: The Dual Faces of Deepfake Technology

Alon Gal, chief technology officer at Hudson Rock, found the 533 million records in a darknet forum. They represent users in 106 countries and contain phone numbers, Facebook IDs, full names, locations, past locations, birthdates, birthdates and, in some cases, email addresses, account creation dates, relationship status and the biographical information submitted by the account owners.

"Bad actors will certainly use the information for social engineering, scamming, hacking and marketing," he tweeted.

Facebook, in a statement quoted by The Associated Press, claims this is old news.

“This is old data that was previously reported on in 2019,” Facebook reportedly said. “We found and fixed this issue in August 2019.”

Free Access

Gal first spotted the database earlier this year when he noticed that a malicious actor had created and was advertising a Telegram bot that allowed anyone to search the database and find phone numbers linked to accounts, but it was not open at that time.

The database is now available for free, Gal says.

Business Insider reports that the data is several years old and that a Facebook spokesperson says that the data was scraped due to a vulnerability that the company patched in 2019.

Information Security Media Group could not immediately reach a Facebook representative for comment.

Facebook's Data Breach History

In 2018, 30 million Facebook accounts were breached, with 14 million accounts having an extensive amount of information exposed. This information included the account holders' 15 most recent searches, the last 10 places they checked into and the device types used to access Facebook. For another 15 million account holders, the hackers accessed only name and contact details - phone number, email address or both. The attackers did not gain access to any information for another 1 million users whose accounts were affected (see: Facebook Clarifies Extent of Data Breach).

In December 2020, Compliance Week reported that Facebook had set aside $366 million to cover expected EU General Data Protection Regulation fines that could result from an investigation being conducted by Ireland's privacy agency (see: Ireland's Privacy Watchdog Probes Facebook Data Breaches).

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.