Facebook data of over 500 million users, including 6.1 million Indians, leaked online

Details from more than 500 million Facebook users, including 6.1 million Indians, have been found available on a website for hackers.

The information appears to be several years old, but it is another example of the vast amount of information collected by Facebook and other social media sites, and the limits to how secure that information is.

The availability of the data set was first reported by Business Insider. According to that publication, it has information from 106 countries including phone numbers, Facebook IDs, full names, locations, birthdates, gender details, job data, and email addresses.

Facebook has been grappling with data security issues for years. In 2018, the social media giant disabled a feature that allowed users to search for one another via phone number following revelations that the political firm Cambridge Analytica had accessed information on up to 87 million Facebook users without their knowledge or consent.

READ MORE

17 missing after Indonesia boats collision

22 Indian security members killed in Maoist attack

Millions face Easter under coronavirus curbs around the world

In December 2019, a Ukrainian security researcher reported finding a database with the names, phone numbers and unique user IDs of more than 267 million Facebook users – nearly all US-based – on the open internet. It is unclear if the current data dump is related to this database.

"This is old data that was previously reported on in 2019," the Menlo Park, California-based company said in a statement. "We found and fixed this issue in August 2019.”

The easy availability of such data may make users more vulnerable to cybercrime.

"All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked," tweeted Alon Gal, CTO of security firm Hudson Rock.

"I have yet to see Facebook acknowledging this absolute negligence of your data," he added.

Facebook has confirmed the leak to The Record.

With the data now entering the public domain, there is a real danger that this information can be widely used by cybercriminals for email or SMS spam, robocalls, extortion attempts, threats and harassment, etc.

The data is reportedly broken up into download packages by country.

As Cambridge Analytics still haunts nearly 87 million users, including over half a million users from India, this has come as the biggest ever leak of a social media platform that has billions of users.

In January this year, reports first surfaced that the phone numbers of 533 million users were currently being sold via a bot on encrypted messaging platform Telegram, which came from a Facebook vulnerability that was patched by the social network in 2019.

According to a report in Motherboard, the person selling the database full of Facebook users' phone numbers ($20 per number) lets customers look up those numbers by using an automated Telegram bot.

Gal had then said: "It is very worrying to see a database of that size being sold in cybercrime communities, it harms our privacy severely and will certainly be used for smishing (the fraudulent practice of sending text messages) and other fraudulent activities by bad actors."

However, this time, the Facebook data leak has been published with more details.

In December last year, reports surfaced that a bug exposed the personal information like email addresses and birthdays of Facebook-owned Instagram users.

Saugat Pokharel, an experienced bug hunter from Nepal, discovered it. The attack used Facebook's Business Suite tool, available to any Facebook business account, reported The Verge.

According to a Facebook spokesperson, the bug was only accessible for a short period of time during a small test.

Agencies