Personal data of more than 550 million Facebook users leaked online last Saturday, finding their way to hacking forums on the Web. The breach is said to have spread across the globe, encompassing close to 100 countries, and counting. The vast majority of affected FB users reside in the US and the UK. Thirty-two million American and eleven million British citizens have seen their phone numbers, usernames, email addresses, geolocations, and bios out in the wild over the last few days.
The Leak Was a Result of an Earlier Flaw
Attempts to exploit Facebook vulnerabilities have been subject to great interest among cybercriminals for a long time. As it seems, the current leak came to fruition as a result of a recently found (and patched) FB vulnerability. In the latter half of 2019, hackers exploited that vulnerability to dig out the phone numbers associated with the Facebook accounts of as many users as possible. While Facebook seemingly provided a patch in the nick of time, the crooks at play appear to have successfully collected the data nonetheless.
The recent data leak is reminiscent of other destructive cases that have scoured data, such as in in the case of WhatsApp's spyware attack a couple of years ago.
There Was a Bot at Play
As it is, the crooks behind the FB data theft deployed an automated Telegram bot to host them. Although the bot in question appears to have been subject to sale advertising on the dark Web since January 2021, it was not until a few days ago that someone dumped it for free. As a result, the leaked database is now one click away from anyone willing to get a grip on it.
The Dangers That Lie Ahead
The sheer volume of leaked data raises concern about the real motives of the hackers who seem to have shared those data for free. At present, there is no evidence that they may have received any financial incentive to publish the data. Nevertheless, this 'gift' could still bring further trouble to affected users. It might fall into the hands of cyber crooks specializing in identity theft and all sorts of personal data-related scams. Considering that the leaked database includes over 0.5 billion real people's personal details, researchers expect an imminent spike in ID thefts and other social-engineering scams in the weeks to come.