Security researcher Alon Gal revealed on Saturday April 3 that a database of 533 million Facebook users is available for free on a hacker forum. He had already spotted this offer last January, but it was still paid (20 dollars per unit). The Indian Paper takes stock of this case and its consequences.
What does this data contain?
This database contains, among other things, the full name, phone number, Facebook ID, last location, birthday, email address, account creation date, biography, relationship status. Among the affected users are 19.8 million French people. The most affected countries are Egypt (44 million users), Tunisia (39 million) and Italy (35 million).
Also to discover in video:
Where does this data come from?
A flaw sealed in August 2019 made it possible to mass collect the phone numbers and personal information of Facebook and Instagram users. The firm confirmed with Business Insider that this database was created thanks to this flaw. This is not the first time that they have surfaced. In September 2019, a GDI Foundation researcher had already detected a base of 419 million Facebook users. In December 2019, Comparitech came across a base of 267 million Facebook users, whose origin is likely the same.
How do I know if I am in this database?
Troy Hunt, the creator of HaveIBeenPwned.com, recovered the entire database. You can go to the site to find out if your email or phone number is on the list.
The Facebook phone numbers are now being loaded into @haveibeenpwned and will be searchable later today. Stay tuned, I’ll push out a short blog once it’s good to go (will be queryable via the existing API too 😎).
– Troy Hunt (@troyhunt) April 6, 2021
What are the consequences of this data breach?
This database is the equivalent of a huge directory. Hackers can use it to carry out targeted attacks such as phishing, SMS or email. If you are concerned, you must therefore be particularly vigilant about the messages you receive. Unfortunately, this is the only thing it is possible to do. These data will continue to circulate on the Web.