fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

533 Million Facebook Users’ Phone Numbers Leaked On Hacker Forum

533 Million Facebook Users’ Phone Numbers Leaked On Hacker Forum

The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free.

The stolen data first surfaced on a hacking community in June 2020 when a member began selling the Facebook data to other members. What made this leak stand out was that it contained member information that can be scraped from public profiles and private mobile numbers associated with the accounts.

The initial sale of Facebook data in June 2020
The initial sale of Facebook data in June 2020

The sold data included 533,313,128 Facebook users, with information such as a member’s mobile number, Facebook ID, name, gender, location, relationship status, occupation, date of birth, and email addresses.

From samples of the Facebook data seen by BleepingComputer, almost every user record contains a mobile phone number, a Facebook ID, a name, and the member’s gender.

Below is a small sample of USA records showing the redacted mobile numbers starting with New York’s 917 mobile area code.

Sample of leaked USA Facebook members with mobile numbers
Sample of leaked USA Facebook members with mobile numbers
Source: BleepingComputer

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

According to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, it is believed that threat actors exploited in 2019 a now-patched vulnerability in Facebook’s “Add Friend” feature that allowed them to gain access to member’s phone numbers.

It is unknown if this alleged vulnerability allowed the threat actor to retrieve all of the information in the leaked data or just the phone number, which was then combined with information scraped from public profiles.

After the initial sale of the data, which is believed to be for $30,000, another threat actor created a private Telegram bot that allowed other threat actors to pay to search through the Facebook data. 

Facebook data leak released for free

Today, this Facebook data leak has been released for free on the same hacker forum for eight site ‘credits,’ a form of currency on the hacker forum, equal to approximately $2.19.

While data breaches are initially sold in private sales for a high price, it is common for them to be sold for lower and lower prices until they are eventually released for free as a way of earning reputation within the hacker community.

“As is the case every time, people began to sell for cheaper and cheaper until it leaked for free,” Gal told BleepingComputer in a conversation.

Data leak shared for free on Hacker Forum
Data leak shared for free on Hacker Forum
Source: BleepingComputer

Included in the data leak are the phone numbers for three of Facebook’s founders – Mark Zuckerberg, Chris Hughes, and Dustin Moskovitz, which are the 4th, 5th, and 6th members first registered on Facebook.

Facebook Founders in data leak
Facebook Founders in data leak

In response to our queries regarding the data leak, Facebook told BleepingComputer that this data is the same data as was harvested in 2019.

“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” a Facebook spokeperson told BleepingComputer.

While the data may be from 2019, it is common for phone numbers and email addresses to remain the same over a period of many years, making this valuable to threat actors.

The top 20 geographic locations where members were exposed, as described by the threat actor, are listed below:

LocationNumber of users
Egypt44,823,547
Tunisia39,526,412
Italy35,677,323
USA32,315,282
Saudi Arabia28,804,686
France19,848,559
Turkey19,638,821
Morocco18,939,198
Colombia17,957,908
Iraq17,116,398
Africa14,323,766
Mexico13,330,561
Malaysia11,675,894
United Kingdom11,522,328
Algeria11,505,898
Spain10,894,206
Russia9,996,405
Sudan9,464,772
Nigeria9,000,131
Peru8,075,317

Data can be used to conduct attacks

This release has been met with enthusiasm by other threat actors on the hacker forum as they can use it to conduct attacks on the people listed in the data leak. 

For example, threat actors can use email addresses for phishing attacks and mobile numbers for smishing (mobile text phishing) attacks. 

Threat actors can also use mobile numbers and leaked info to perform SIM swap attacks to steal multi-factor authentication codes sent via SMS.

It is advised that all Facebook users be wary of strange emails or texts requesting further information or telling you to click on enclosed links.

BleepingComputer has contacted Facebook about the data leak but has not received a response at this time.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

Update 4/3/21 3:00 PM EST: Added leaked Facebook founders and that date of birth may be included in leaked data
Update 4/3/21 8:54 PM EST: Added statement from Facebook.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us