Personal information on more than 500 million Facebook users — previously leaked and now made more widely available — was shared online Saturday, according to the news site Insider, worrying experts who said the compromised data could make people more vulnerable to fraud.
The exposed data included details like phone numbers, Facebook IDs, full names, locations, birthdates, bios, and even email addresses of some users.
That data included records on 32 million users in the United States, 11 million users in the United Kingdom, six million users in India and 1.4 million in the Czech Republic.
A Facebook spokesperson said that the leaked data was scraped due to a vulnerability that the company patched in 2019. A vulnerability was discovered in 2019 that allowed phone numbers of millions of users to be scraped from Facebook servers.
The social media giant said that the vulnerability was patched in August 2019.
“Bad actors will certainly use the information for social engineering, scamming, hacking, and marketing,” tweeted Alon Gal, the co-founder of an Israeli cybercrime intelligence company called Hudson Rock, who flagged the release of the Facebook data Saturday.
Facebook did not immediately respond to questions Saturday evening, but company spokeswoman Liz Bourgeois tweeted Saturday that the leak detailed by Insider involved “old data that was previously reported on in 2019.”
“We found and fixed this issue in August 2019,” Bourgeois wrote.
This is not the first time Facebook user data has been leaked on the web.
In December 2019, 267 million Facebook User IDs, phone numbers, and names were left exposed, according to Ukrainian cyber threat researcher Bob Diachenko. He believed the data was harvested by cybercriminals.
In 2018, it was revealed that British political consulting firm Cambridge Analytica collected the personal data of millions of Facebook users. In July 2019, Facebook was fined $5 billion (€4.2 billion) by the US Federal Trade Commission (FTC) for data privacy violations.