More than 500 million Facebook users are affected worldwide. This data could be used for canvassing or fraudulent purposes.
Half of the 40 million French users of Facebook are affected: as revealed by cybersecurity researcher Alon Gal, the phone numbers of 533 million users of the social network – which has nearly three billion worldwide – are now freely accessible on the web. The data breach, one of the most serious to have affected the multinational, was discovered last January.
Before the file was made available for free on hacker forums, phone numbers could be purchased through Russian Telegram messaging. This new step should take the dissemination of this data to a new level, which is now easier.
The social network uses these phone numbers in particular to carry out its double-authentication, and therefore strengthen the security of the millions of accounts that have been created there. The phone number can also be used to recover access to his account in the event of forgetting the password.
In addition to the phone numbers, the leak concerns the Facebook ID of the victims, making it possible to link to their profile. So much sensitive information that could be used by unscrupulous people for telephone canvassing, but also online fraud attempts. The leak is described as “absolute negligence” by Alon Gal, on his Twitter account.
In addition to France, other European countries are particularly concerned, with 36 million victims in Italy, 11 million in Spain or even 6 million in Germany. In the United States, 32 million people are affected.
Also on Twitter, a Facebook executive recalls that the data leak is linked to a security flaw that was corrected in 2019, but this massive collection by hackers could not be prevented.
In January, Facebook made it clear that the database contained Facebook identifiers created before the vulnerability was corrected. But the telephone numbers indexed there probably correspond, in the majority of cases, to the same individuals today.