The data includes personal information for more than 533 million Facebook users from 106 countries, including more than 32 million user records in the United States, 11 million users in the United Kingdom, and 6 million users in India.
There are phone numbers, Facebook IDs, full names, locations, dates of birth, resumes and – in some cases – email addresses.
A Facebook spokesperson said: The data was collected due to a security vulnerability that the company corrected in 2019.
Although the leaked data is two years old, it provides valuable information to cyber criminals who use personal information to impersonate or trick people into handing over login data.
Alon Gal, chief technology officer at cybercrime intelligence firm Hudson Rock, said: A database of this size that contains private information such as the phone numbers of many Facebook users that benefit criminals for carrying out social engineering attacks or hacking attempts.
Gal discovered the leaked data for the first time in January when a user on the hacking forum itself announced an automated bot that could provide phone numbers to hundreds of millions of Facebook users.
And the entire dataset is now posted via the hacking forum for free, making it widely available to anyone.
It is noteworthy that this is not the first time that a large number of Facebook users’ phone numbers have been found online.
The vulnerability revealed in 2019 allowed millions of phone numbers to be collected from Facebook’s servers in violation of its Terms of Service.
Facebook previously pledged to crack down on collective data collection after Cambridge Analytica collected the data of 80 million users in violation of Facebook’s Terms of Service to target voters with political ads in the 2016 elections.
Gal said: From a security point of view, there is not much Facebook can do to help users affected by the breach because their data is exposed, but the company can alert users so that they remain vigilant about Trolling Using their personal data.