Last weekend, the data of 533 313 128 Facebook users were published on the darknet. This dump includes phone numbers, names, Facebook IDs, email addresses, location information, gender, date of birth, work, and other data that the social network profiles may have contained.
This leak was distinguished from others by the fact that it contained not only data from public profiles, but also phone numbers associated with these accounts.
According to information security experts, back in 2019, cybercriminals exploited a vulnerability related to the Add a Friend function, which allowed them to gain access to phone numbers. This bug was fixed long ago. Facebook representatives confirmed the leak, but said that “this is old data, which was previously reported in 2019.”
A fresh company statement says that the leak is not associated with any vulnerability or hacking, but with ordinary data scraping. That is, in 2019, scammers “who deliberately violate the platform’s policy” simply collected information from public user profiles, abusing contact import functions for this.
The leak aggregator Have I Been Pwned has already added the leak to its database, so anyone can check whether this problem affected them. At first, verification was possible only by email address, but only 2.5 million of the 533 million records included an email address. That is, a search by email address most often did not yield results.
As a result, Troy Hunt, the founder of the resource, added to HIBP the ability to search by phone number, although this was not a trivial task because of the different number formats. A phone number search is performed with the addition of a specific country and region code, as shown in the illustration below.