The phone numbers and other personal information of 533 million Facebook users have been leaked for free on a popular hacker forum. Italy is the third most affected nation, with over 35 million users involved. The data first surfaced in the hacking community last June, when one member began selling it to other members. In addition to the phone number, the information may include Facebook ID, name, gender, location, relationship status, occupation, date of birth and email address. The package also includes the phone numbers (probably no longer active) of Mark Zuckerberg, Chris Hughes and Dustin Moskovitz, one of the founders of the social network.
According to the BleepingComputer website, almost all users have a phone number, Facebook ID, name and gender associated with them. The data was stolen in 2019, as confirmed by Facebook, by exploiting a now-fixed vulnerability in the “Add a friend” function. It is not known whether this alleged vulnerability allowed the attackers to retrieve all of the disclosed information, or only the telephone number, which was then combined with data obtained from public profiles. What is certain is that after the initial sale, thought to have been for 30 thousand dollars, another attacker created a private Telegram bot in January of this year that allowed other interested hackers to pay for access to the collected data. What is new is that this data package has now been distributed free of charge, in exchange for eight credits on the forum, worth 2.19 dollars. The goal is clearly to gain notoriety, obviously only after having profited from the data first. Although the data is at least two years old, many people don’t change their email address or phone number for a very long time, so much of the information could still be valuable for conducting targeted attacks. Email addresses can be used for phishing attacks, while phone numbers can be used for so-called smishing (phishing via SMS), and also for SIM swap attacks that steal two-factor authentication codes sent via SMS.