2,5M+ users can check whether their data were exposed in Facebook data leak

You can check if your personal information is included in the Facebook data leak by querying the data breach notification service Have I Been Pwned.

The news of the availability on a hacking forum of the personal information for 533,313,128 Facebook users made the headlines. The availability of the data was first reported by Alon Gal, CTO of cyber intelligence firm Hudson Rock.

Details include: Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio. Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021

The data of Facebook users from 106 countries are available for free: over 32 million records belong to users from the US, 11 million to users from the UK, and 6 million to users from India. Leaked data includes users’ phone numbers, Facebook IDs, full names, locations, birthdates, bios, and for some accounts the associated email addresses.

The data was amassed by threat actors by exploiting a vulnerability fixed in 2019 that allowed data scraping from the social network.

All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021

The leaked data could be exploited by threat actors to carry out a broad range of malicious activities.

The novelty is not the availability of the data online, which Alon Gal had already reported in January, but its availability for free.

Troy Hunt has added the data included in the recent leak to the Have I Been Pwned data breach notification site, allowing users to check whether their data was exposed.

I’ve had a heap of queries about this. I’m looking into it and yes, if it’s legit and suitable for @haveibeenpwned it’ll be searchable there shortly. https://t.co/QPLZdXATpt
— Troy Hunt (@troyhunt) April 3, 2021

“In April 2021, a large data set of 533 million Facebook users was made freely available for download. Encompassing approximately 20% of Facebook’s subscribers, the data was allegedly obtained by exploiting a vulnerability Facebook advises they rectified in August 2019. The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address,” reads the statement published on the HIBP website. “Most records contained names and genders with many also including dates of birth, location, relationship status and employer.”

Unfortunately, Hunt was able to add only 2,529,621 of the records exposed in the recent leak, because most of them did not include an email address.
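Since only the email addresses were loaded, a check against HIBP is a lookup of your own address. The following is an added example (not code from Security Affairs or from HIBP) that queries the v3 breached-account endpoint and reports whether the Facebook breach is among the results; it assumes the breach is listed under the name "Facebook" and that you hold an HIBP API key, and the 404-means-not-found handling is separated out so it can be exercised offline with a constructed response.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumed HIBP breach name for this data set; verify against the site's breach list.
FACEBOOK_BREACH = "Facebook"
API = "https://haveibeenpwned.com/api/v3/breachedaccount/"

# Constructed sample body in the shape HIBP returns by default (names only).
SAMPLE_BODY = b'[{"Name":"Adobe"},{"Name":"Facebook"}]'


def parse_response(status, body):
    """Map an HTTP status/body pair to the list of breach names.

    HIBP answers 404 when the account appears in no known breach, which is a
    normal "clean" result rather than an error; any other non-200 is a failure.
    """
    if status == 404:
        return []
    if status != 200:
        raise RuntimeError(f"unexpected HIBP status {status}")
    return [entry["Name"] for entry in json.loads(body)]


def in_facebook_breach(status, body):
    """True when the Facebook breach is among the names in the response."""
    return FACEBOOK_BREACH in parse_response(status, body)


def check_email(email, api_key, user_agent="hibp-facebook-check-example"):
    """Live lookup (needs network and an API key). Returns True if `email`
    appears in the Facebook breach, False if it is clean or in other breaches."""
    req = urllib.request.Request(
        API + urllib.parse.quote(email),
        # HIBP v3 requires both headers; a missing user-agent is rejected.
        headers={"hibp-api-key": api_key, "user-agent": user_agent},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return in_facebook_breach(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        # 404 lands here; parse_response turns it into "no breaches".
        return in_facebook_breach(err.code, err.read())
```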

Should the Facebook phone numbers be searchable in @haveibeenpwned? Hunt is weighing the value this would add for impacted people against the risk that the numbers could be used to resolve them to identities.

Should the FB phone numbers be searchable in @haveibeenpwned? I’m thinking through the pros and cons in terms of the value it adds to impacted people versus the risk presented if it’s used to help resolve numbers to identities (you’d still need the source data to do that).
— Troy Hunt (@troyhunt) April 4, 2021

That’s the email addresses loaded, I’m still considering what to do with the phone numbers https://t.co/OsQpJIgB0o
— Troy Hunt (@troyhunt) April 4, 2021

“Factors influencing my consideration of this: only about 1% of the records have email addresses, the phone numbers are easily parsed (they’re in a CSV) and they’re formatted complete with country code. It’s a very clean data set and is 100x more useful than email in this case,” wrote Hunt on Twitter. “Another general observation on this incident: I’m seeing *extensive* sharing of the data, both the entire corpus of countries and individual country files. Not just in hacking circles, but very broadly on social media too. This data is everywhere already.”

Hunt found 370M rows in the data set he received some weeks ago, a figure that differs from the 533M reported by the media. He then received a separate set of files which, added to the previous one, aligns with the more recent reporting.

In some cases Hunt noticed some differences as he confirmed on Twitter:

Much of the data is same same but different; Albania, for example, begins with the same phone numbers and FB IDs but the original data was CSV whilst this lot is a colon delimited text file with a different field order.
— Troy Hunt (@troyhunt) April 5, 2021

For additional news, stay tuned!


Pierluigi Paganini

(SecurityAffairs – hacking, data leak)

The post 2,5M+ users can check whether their data were exposed in Facebook data leak appeared first on Security Affairs.