WASHINGTON DC: The personal information of m-ore than 533 million Fac-ebook users from 106 countries — including phone numbers, full names, locations and birthdates — has been leaked onto an online hacking forum, Business Insider first reported.
Why it matters: The data, which can be accessed for free, may be used by cybercriminals to steal identities and scam or extort money from victims, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, which discovered the leaked data.
By the numbers: The leak includes data from 32 million users in the U.S., 11 million users in the UK, and 6 million users in India.
Of note: It contains phone numbers, Facebook IDs, full names, locations, birthdates, bios and email addresses. It notably it does not contain password information.
The data is personal, but much of it is likely to be public already, though perhaps not in this form.
What they’re saying: “A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Gal told Insider.
“Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect.” he added. “Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”
Gal said Facebook can’t do much to help affected users because their data has already been posted, but he said Facebook can notify the users so they can watch for scams or frauds.
Facebook did not immediately respond to Axios’ request for comment.
Our thought bubble via Axios’ Scott Rosenberg: Any information you provide to Facebook or post there is sooner or later likely to end up public, even if you try to keep it private or specifically restrict it to your friends.
That doesn’t excuse Facebook from responsibility for protecting its users, but at this point in Facebook’s history, it’s a realistic assumption for any user’s self-defense.