In what’s likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free—which was harvested by hackers in 2019 using a Facebook vulnerability.
The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status broken, account creation date, and other profile details down by country, with over 32 million records belonging to users in the U.S., 11 million users the U.K., and six million users in India, among others.
In total, the data being offered includes user information from 106 countries. Additionally, the data seems to have been obtained by exploiting a vulnerability that enabled automated scripts to scrape Facebook users’ public profiles and associated private phone numbers en masse. The flaw has since been fixed by Facebook.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” said Liz Bourgeois, Facebook’s director of strategic response communications, in a Saturday tweet.
Old data or not, the fact that the data appears to have been obtained by scraping Facebook profiles further complicates the company’s equation with privacy, even as it has emerged relatively unscathed in the wake of the Cambridge Analytica data scandal, in which the British consulting firm amassed of the personal data of millions of Facebook users without their consent for purposes of political advertising.