The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, relationship status, and, in some cases, email addresses. All available to hackers, scammers, and spammers for free.
If that 533 million number might sound familiar to you, that’s because this information is apparently from the same stolen dataset that people could pay for portions of using a Telegram bot, which was reported on in January. Now it appears that those who want to get their hands on the data won’t have to pay anything at all.
Facebook admitted that this data was scraped because of a vulnerability that FB fixed in 2019. The company gave a similar answer in January. “This is old data that was previously reported on in 2019, We found and fixed this issue in August 2019.” Facebook has not replied to a request for comment from The Verge.
Troy Hunt, the creator of the Have I Been Pwned database, said on Saturday that “I haven’t seen anything yet to suggest this breach isn’t legit.” In the data, he found only about 2.5 million unique email addresses (which is still a lot!), but apparently, “the greatest impact here is the phone numbers.”
Although this data is from 2019 it could still be of value to hackers and cybercriminals like those who engage in identity theft. The way the data was sorted and posted on the hacking site makes it far more accessible for criminals to exploit.
These are the pieces of data cybercriminals spend time searching for to perform social engineering attacks — now they’re all in one place and easily accessible in this leak, which makes social engineering quicker and easier.
Hunt has already loaded the leaked email addresses into Have I Been Pwned, meaning you can check to see if yours was included as part of the dataset. He is still considering whether or not to make the leaked phone numbers available through the service.
You can check to see if your email was included: www.HaveIBeenPwned.com
Thanks to The Verge for sharing this information
https://www.theverge.com/2021/4/4/22366822/facebook-personal-data-533-million-leaks-online-email-phone-numbers
How do I report a Facebook account or Page that’s pretending to be me or someone else?
Accounts and Pages that impersonate other people go against our Community Standards and aren’t allowed on Facebook. If you see an account that’s pretending to be you, someone you know or a public figure (example: celebrity, politician), we encourage you to let us know. You can report potentially impersonating accounts to us even if you don’t have a Facebook account.
To report someone who’s pretending to be you or someone else, first determine if you’re reporting a profile or a Page.
How to report a profile or Page
If you have a Facebook account and want to report a profile or Page:
- Go to the profile or Page of the impersonating account.
- If you can’t find it, try searching for the name used on the profile or Page or asking your friends if they can send you a link to it.
- Click below the cover photo.
- If you’re reporting a Page, select Find Support or Report Page. If you’re reporting a profile, select Find Support or Report Profile.
- Follow the on-screen instructions for impersonation to file a report.
You can report an impersonating Facebook account by filling out a form.
Note: You can also report impersonating accounts in Messenger. Learn how to report someone that’s pretending to be you or someone else in Messenger.