Danger! 533 million Facebook users’ phone numbers and personal data have been leaked online

In fresh trouble for Mark Zuckerberg, the personal information of more than 533 million (53.3 crore) Facebook users from 106 countries have leaked online. This information includes phone numbers, full names, locations, birth dates, Facebook IDs, bio’s, and in some cases, email addresses – as discovered by cybersecurity researcher Alon Gal.

“All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data.

Earlier, phone numbers of 533 million users were sold via a bot on encrypted messaging platform Telegram, which came from a Facebook vulnerability that was patched by the social network in 2019,” Gal said in a tweet. According to samples reviewed by The Record today, the leaked data includes information that users posted on their profiles and appears to be the result of a massive scraping operation.

The data is currently being offered in 106 separate download packages, with the data split on a per-country basis. “In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries.

It was severely under-reported and today the database became much more worrisome,” Gal added. Last year in December, some reports surfaced that a bug exposed the personal information like email addresses and birthdays of Instagram users. Saugat Pokharel, an experienced bug hunter from Nepal, discovered the bug.

The attack used Facebook’s Business Suite tool, available to any Facebook business account, reported The Verge. According to a Facebook spokesperson, the bug was only accessible for a short period of time during a small test.

“A researcher reported an issue where, if someone was a part of a small test we ran in October for business accounts, personal information of the person they were messaging could have been revealed,” the company spokesperson had said.