533 million Facebook users’ data leaked
The phone numbers, locations, email addresses and other personal details of 533 million Facebook users have been found on a website used by hackers.
The breach included the records of 32 million US profiles, 11 million UK profiles and 6 million users members from India, as reported by Business Insider.
Although the information (which also included full names, bios and birthdates) is believed to be a few years old, the publication confirmed it could still provide cybercriminals with the details necessary to scam or impersonate compromised individuals.
The leak was first discovered in January 2021 when the co-founder and Chief Technology Officer of respected cybercrime intelligence company Hudson Rock Alon Gal found an automated bot advertising the data on the same hacking forum. Mr Gal then found the entirety of the data collection on Saturday.
Despite this, Facebook's Director of Strategic Response Communications, Liz Bourgeois, claimed the company has already "found and fixed".
"This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019," she tweeted.
Mr Gal, however, has disputed her claims.
"533,000,000 accounts having their personal information leaked is apparently considered 'fixed' by Facebook's definitions," Mr Gal tweeted.
The cyber security expert also called on the social media giant to improve their management of sensitive user information, stating that members have the right to feel "fed up".
"I'm reading your comments about Facebook's data leak and I can sense people are fed up with their private information being mismanaged, you are absolutely right to feel so,' he tweeted.
"Facebook needs to acknowledge this breach and not with just a "we value your information" statement."
All 533,000,000 Facebook records were just leaked for free.— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3pic.twitter.com/nM0Fu4GDY8
This data breach comes as the Morrison Government considers a rule that would force Australian social media users to submit 100 points of ID to maintain their account.
One of 88 recommendations from a parliamentary committee report looking at family, domestic and sexual violence, this would apply to platforms like Twitter, Instagram, Facebook - and even dating apps like Tinder.
"In order to open or maintain an existing social media account, customers should be required by law to identify themselves to a platform using 100 points of identification, in the same way as a person must provide identification for a mobile phone account, or to buy a mobile SIM card," the report suggested.
The move, however, is being blasted by cyber security experts and social media users for exactly the reason Facebook is in the news.
A report shared by the Queensland Anti-cyber-bullying Taskforce says the initiative would create "privacy risks given the challenges social media companies have already experienced with data security".
"Identity verification systems raise questions about access to personal and sensitive data," the report notes.
"Any regulations considered should therefore ensure that these systems do not reuse collected data for any other purposes."
As of 2021, there are 2.6 billion active monthly users of Facebook, which makes it the most popular social media site in the world.
Originally published as 533 million Facebook users' data leaked