Personal details of 533 million Facebook users have been found in a hacking forum — and are being given away for free. The data includes phone numbers, names and even birthdates from users across 106 countries — 32 million from the U.S. alone.
The data was verified by Business Insider, and came from a weakness on the social media site that was patched back in August of 2019. That's a few months before 267 million pieces of Facebook user data was found on an unsecured server back in December 2019.
Facebook confirmed that this most recent data trove came from its site — and while it dates back about a year or two, could easily include current users and updated details.
Facebook passwords can be reset using someone's email address or phone number
Hudson Rock, a cybercrime analysis firm, first found the data online, and had seen pieces of it back in January when some of the phone numbers were offered for sale. But now the information is just free for the taking.
Details like phone numbers and email addresses present phishing concerns. With these data points, hackers can use what's known as social engineering or phishing to reach out to someone over text, email or even a phone call, and try and get a potential victim to hand over even more information.
Because this trove of Facebook data includes user bios, locations and full names as well as birthdates, a hacker could pretend to be calling from a credit card company or a bank, for example, tell a victim they're just verifying details — and have a birthdate and address to back that up — and then ask the person to read their bank account allowed, or a password.
Additionally, Facebook users can request a password reset by having a code sent to their email or phone number via text message. A hacker would need access to a phone number or email account, but those can be cracked via phishing methods. Which is a good reason for people to learn how to recognize phishing attacks, and avoid them.