In August 2019, phone numbers, full names, locations, Facebook IDs and other personal data for 533 million Facebook users were hacked, making it the biggest hack in Facebook’s history of data breaches.
As first noticed by security researcher Alon Gal, this data from the 2019 breach was freely made available of a hacking forum. In 2019, this data was available to buy, but now it’s on the internet, for free.
Gal took it to Twitter for announcing this as soon as he discovered it in the wild.
Gal rightly states the details involved and what can be done with them:
Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.
Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.Alon Gal
What’s worse? This hack has affected 107 countries. 32 million in the US, 11 million in the UK and 105 other too. Here’s a full list of countries affected along with the number of people affected:
If you see your country on the list, there’s a high probability of your data being available online, the best thing to do in this case would be to change your Facebook password, unlink your number, and also check if your email has been involved.
Out of the 533 million accounts, only 2.52 million email addresses were breached and made publicly available. Still, 2,529,621 is not a small number. You can check if your email has been involved or not by visiting Have I Been Pwned and entering your email address.
Apple TLD has reached out to Facebook for a comment on this, but has not yet received a reply. But Facebook did reply to some other media outlets, saying this to BleepingComputer:
This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.Facebook spokesperson
Even if its old data, its highly unlikely for all 533 million people to change their phone numbers in this time frame, or even their email addresses.
Apple TLD has successfully located the original post on the hacker forum and is investigating further. We can not share any information about the hacker forum in any way for security reasons.
Here are a few screenshots from the hacker forum. Images are courtesy of Apple TLD.
As we investigated further, we also found out that after certain steps, we were able to obtain the database too. The user on the forum shared it through download links from an external file sharing website.
After digging even further, we found out the the files were last modified on 27 December, 2019, so these are the original files from the 2019 breach.
We checked around a few more files and concluded that this is more serious than it actually seems. Have I Been Pwned founder Troy Hunt summarizes the effects of this breach in his Twitter thread below.