Security researcher Alon Gal highlighted the leak, the result of a Facebook vulnerability patched in 2019. The data went up for sale via a dark web cybercrime forum back in January, when interested buyers could look up the information in the database using a Telegram bot. Now, the entire trove has been made freely available.
“The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India,” writes Insider. “It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”
Insider verified some data by matching Facebook users’ phone numbers with the IDs listed in the data set. It also verified records by testing email addresses in FB’s password reset feature, which can partially reveal a user’s phone number. While the data only goes up to 2019, many people keep the same phone number for years.
Have I Been Pwned creator Troy Hunt said he found around 2.5 million unique email addresses in the data set. He says the most appealing element to scammers and hackers is the phone numbers, which can be used for everything from SMS spam to signing up for services. Make sure to check out Hunt’s page to discover if your information was part of the leak.