Facebook Database Containing Info On 533 Million Accounts Gets Leaked…. Time To #DeleteFacebook

A database containing the leaked phone numbers (and other personal information) of some 533 million Facebook users has just been spotted online. The database was posted to a low-level hacking forum for free.


Here’s what Business Insider said:

The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.

Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.

A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.

While a couple of years old, the leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first discovered the entire trough of leaked data online on Saturday.

This is extremely bad, whether this hack happened 2 years ago or 2 minutes ago. Here’s why:

Here’s how Facebook should be punished for this latest screw-up. Facebook has a market cap of over $800 billion. So I suggest a fine of $80 per account. For the roughly half billion accounts exposed, that would come to $40 billion, or about 5% of their market capitalization. That would really get their attention, and you could bet your last dollar that Facebook would never, ever be this negligent again.

Let’s see if that happens. But I don’t think it will.

UPDATE: David Masson, Director of Enterprise Security for Darktrace had this to say: 

The events of this weekend surrounding Facebook highlight the urgent necessity for an approach to security that stops threats, even once they have penetrated the perimeter. Though the Facebook data exposure is a reiteration of a previous breach, it demonstrates the severity of these kinds of attacks. The ramifications of personal data theft and abuse continue to be felt not just by Facebook, but also by the victims of the breach years after the initial incident. Ultimately, businesses need an approach to security that gives them complete visibility into their digital enterprises, that helps them understand exactly where users and data are at all times, and gives them the ability to autonomously respond to threatening activity – before the damage is done.
