Personal data of 533 Mn Facebook users was leaked online on Saturday (April 3) on a hacker forum, according to news reports. The breach affected 6 Mn Indian users and includes details such as phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses. The social media giant told media agencies that the leak was related to a vulnerability that the company patched in 2019.
Interestingly, Facebook was caught in another privacy and user data breach incident in January this year when phone numbers of nearly 6 Lakh Indian users were being sold on Telegram through a bot. The Indian user data was reportedly a part of a database of 500 Mn Facebook users and their phone numbers which were being sold on the messaging app. The Telegram leak too was related to a previous security incident, which Facebook had admitted to in late 2019 and later fixed.
According to a Motherboard report, the bot exploited the Facebook vulnerability to access every Facebook account across all countries. The Telegram bot was selling a phone number or Facebook ID for $20 or INR 1,500, while batches of 10,000 numbers were being sold at $5,000 each.
A user’s phone number, if it continues to be linked to the Facebook account, can be used to find their Facebook user ID, which can not only lead to fraudulent activities on the platform, but other email and phone number related phishing and hacking attacks.
The vulnerability, reported in late 2019, enabled anyone to see the phone number linked to over 400 Mn Facebook users. At the time, the social media giant claimed the data was scraped from Facebook, before the policy changes on the platform cut off developer’s access to phone numbers.
The company also claimed the server contained about 220 Mn records. It remains to be seen whether the latest incident has any bearing on Facebook’s various court cases and privacy-related issues around the world.
In India, the Central Bureau of Investigation (CBI) registered a case against UK-based political consulting firm Cambridge Analytica and Global Science Research LTD (GSRL) last week in relation to the major Facebook data harvesting controversy which surfaced in 2017 and 2018. The company is being probed for “illegally harvesting the personal data of Facebook users in India.” About 5.62 Lakh Indian users were allegedly affected by this data harvesting.