Facebook CEO Mark Zuckerberg’s cell phone number is among the leaked data posted online by hackers, but everyday users could be affected, too.
A user in a hacking forum on Saturday published phone numbers and personal data of more than 550 million Facebook users for free online.
The data is two years old. A Facebook spokesperson told Business Insider it was scraped because of a vulnerability that Facebook patched in 2019.
The information could still be dangerous to those exposed, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first discovered the leaked data online on Saturday.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks (or) hacking attempts,” Gal told Insider.
Included is personal information of Facebook users from 106 countries: their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.
Gal discovered the leaked data in January when, according to Insider, “a user in the same hacking forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users in exchange for a price.”
Now, the entire dataset is widely available to anyone with rudimentary data skills.
Gal said that, from a security standpoint, Facebook could notify users so they could remain vigilant for possible phishing schemes or fraud using their personal data.
“Users having their personal information leaked is a huge breach of trust and should be handled accordingly,” Gal said.
Gal told Reuters that, in the next couple of months, Facebook users should watch out for “social engineering attacks” by people who may now have their phone numbers or other private data.