Threat actors can also use mobile numbers and leaked info to perform SIM swap attacks to steal multi-factor authentication codes sent via SMS.

This release has been met with enthusiasm by other threat actors on the hacker forum as they can use it to conduct attacks on the people listed in the data leak.

For example, threat actors can use email addresses for phishing attacks and mobile numbers for smishing (mobile text phishing) attacks.

These locations are likely what was entered by the Facebook member in their profile.

A full list of locations and associated member counts can be found at the end of the article.

The top 20 geographic locations where members were exposed, as described by the threat actor, are listed below.

While the data may be from 2019, it is common for phone numbers and email addresses to remain the same over a period of many years, making this valuable to threat actors.

"We found and fixed this issue in August 2019," a Facebook spokesperson told BleepingComputer. "This is old data that was previously reported on in 2019."

In response to our queries regarding the data leak, Facebook told BleepingComputer that this data is the same data as was harvested in 2019.

"As is the case every time, people began to sell for cheaper and cheaper until it leaked for free," Gal told BleepingComputer in a conversation.
LATEST FACEBOOK HACKING NEWS FOR FREE
While data breaches are initially sold in private sales for a high price, it is common for them to be sold for lower and lower prices until they are eventually released for free as a way of earning reputation within the hacker community.

Today, this Facebook data leak has been released for free on the same hacker forum for eight site 'credits,' a form of currency on the hacker forum, equal to approximately $2.19.

It is unknown if this alleged vulnerability allowed the threat actor to retrieve all of the information in the leaked data or just the phone number, which was then combined with information scraped from public profiles.

After the initial sale of the data, which is believed to be for $30,000, another threat actor created a private Telegram bot that allowed other threat actors to pay to search through the Facebook data.

Sample of leaked USA Facebook members with mobile numbers

According to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, it is believed that in 2019 threat actors exploited a now-patched vulnerability in Facebook's "Add Friend" feature that allowed them to gain access to members' phone numbers.