The personal data and phone numbers of 553 million Facebook users was posted on a hacking forum on Saturday. The leaked dataset includes 2.9 million users which appear to be Hong Kong-based.
Users from 106 countries are affected, with their Facebook IDs, full names, bios, locations, birthdays and phone numbers exposed.
News of the hack was shared by Alon Gal of Israeli cybercrime intelligence firm Hudson Rock. “This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked,” he wrote on Twitter. “I have yet to see Facebook acknowledging this absolute negligence of your data.”
Facebook said in a statement that the data was “very old” and connected to an issue it had fixed in August 2019, according to Reuters.
Be on guard
Hong Kong-based technologist Mart van de Ven told HKFP that users should be on guard for suspicious calls or text messages in case bad actors use their numbers for social engineering scams: “This data can be used to impersonate you, for example when you have to provide your phone number as ‘proof’ of who you are.”
“Remove your phone number from any service where you’ve provided it, and modify or set up two-factor authentication on important services,” he said. Van de Ven added that SMS should not be used in a two-factor set-up and that users should consider changing their phone numbers.
In 2016, the social media network was embroiled in a scandal whereby political data firm Cambridge Analytica was found to have accessed data belonging to up to 87 million Facebook users without their consent. Facebook since tightened its control of how third-party apps can access user data.