The personal data of hundreds of millions of Facebook users has been posted to an online forum on Saturday. As first reported by Business Insider, the data includes profile names, Facebook IDs, phone numbers and, in some cases, email addresses from 533 million users in 106 countries and stems from an attack dating back to 2019.
Facebook addressed the issue in a blog post on Tuesday, saying the data was obtained by scraping publicly available data from the platform rather than by hacking into its system. The perpetrators used a feature designed to help users find their friends on Facebook by importing phone numbers from their contacts, exploiting a loophole that has since been closed according to the company.
While Facebook pointed out that the leaked data did not include financial information or passwords, it’s important to note that structured data sets tying users to email addresses and phone numbers are a feast for scammers, spammers and other types of internet criminals.
According to a recent FBI report on internet crime, 241,342 Americans fell victim to phishing, vishing and smishing attacks last year, making it the most common type of cyber crime. With identity theft and spoofing also high on the list of common offenses, protecting personal data from getting into the wrong hands is a crucial part in the fight against online crime.