Information On Half Billion Facebook Users Leaked Online (businessinsider.com) 48
Slashdot reader quonset quotes Business Insider: A user in a low level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online.
The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.
Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users' phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook's password reset feature, which can be used to partially reveal a user's phone number.
A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.
The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.
Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users' phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook's password reset feature, which can be used to partially reveal a user's phone number.
A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.
Sauce? (Score:3)
Re:Sauce? (Score:4, Funny)
Re: (Score:2, Funny)
Where can I download this database?
I want to see if my family and friends are in it
Really? I was going to check my enemies first.
Re: Sauce? (Score:1)
Re: (Score:2)
Wow, you must know your enemies very good!
Virtual profiles by Facebook and the google? (Score:1)
What was that Subject supposed to mean? What was supposed to be the relationship to your question?
However, the interesting aspect of your question is a meta-question: "How can you query a database for personal information about you without exposing yourself to the query system?" If you weren't in the database before you asked...
The virtual profiles of my question are the constructs Facebook (and the google) use for people and identities that are referred to by "members" (AKA users), even though they are not
Re: (Score:2)
Re: (Score:2)
I expect hibp [haveibeenpwned.com] will have it soon enough.
Re: (Score:2)
In April 2021, a large data set of 533 million Facebook users was made freely available for download. Encompassing approximately 20% of Facebook's subscribers, the data was allegedly obtained by exploiting a vulnerability Facebook advises they rectified in August 2019. The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address. Most records contained names and genders with many also including dates of birth, location, relationship status and employer.
Emphasis mine; only 2.5 million accounts included an email address.
Re: (Score:2)
Re: (Score:2)
It didn't lose it :) They still got it.
If Patched in 2029... (Score:2)
Then, how was it exploited in 2021?
Or, was the data scrapped prior to the patch on 2019?
And, will FB be liable for providing identity theft protection for everyone compromised?
Re: (Score:3)
And, will FB be liable for providing identity theft protection for everyone compromised?
Identity theft protection should be the default, not something special which must be "provided" by a social media company.
Financial institutions should not allow someone to establish credit in your name with just your SSN, DOB, and your mother's maiden name.
Identity theft is much less of a problem in countries that put the cost and burden of proof onto the institution granting credit rather than the victim.
Re: (Score:2)
And, will FB be liable for providing identity theft protection for everyone compromised?
Identity theft protection should be the default, not something special which must be "provided" by a social media company.
Financial institutions should not allow someone to establish credit in your name with just your SSN, DOB, and your mother's maiden name.
Identity theft is much less of a problem in countries that put the cost and burden of proof onto the institution granting credit rather than the victim.
With the Federal Governments recent interest in BookFace, perhaps a nice Class Action lawsuit would be in order. I don't even care if I get any money, Just bury the Fuckers.
Re: (Score:2)
Re: (Score:3)
And, will FB be liable for providing identity theft protection for everyone compromised?
Facebook will use the "You fucked up - you trusted us!" defense.
Re: (Score:1)
No suprise (Score:2)
"Scrapped data". On Facebook... Funny. (Score:1)
Have personal relationships. (Score:1)
Often it is useful to have privacy. Something unusual can happen that makes privacy necessary. For example, someone may object to a manner in which you expressed yourself.
Facebook is a way of making money.
Inevitable (Score:1)
Re: (Score:3, Insightful)
You are aware that by having a user name with Zuck in it, and by writing fiery comments about him and Facebook, you demonstrate that he owns a part of your mind. And it is unilateral - he doesn't even know you exist.
Which one of you is winning?
Where is it? (Score:4, Interesting)
Extra points to anyone who posts a link to an easily searchable form of the database. It's important for people to know if they have been compromised.
Re:Where is it? (Score:4, Insightful)
If you have a facebook account, you've been compromised. You may, or may not, have been exposed in a data breach, but you can be certain that you've been compromised.
What's with this idea that it's bad if random people get access to your info, but it's just fine if hundreds of random companies get access to it?
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
In April 2021, a large data set of 533 million Facebook users was made freely available for download. Encompassing approximately 20% of Facebook's subscribers, the data was allegedly obtained by exploiting a vulnerability Facebook advises they rectified in August 2019. The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address. Most records contained names and genders with many also including dates of birth, location, relationship status and employer.
Re: Where is it? (Score:2)
Am I the only one (Score:2)
How about a per account fine? (Score:5, Insightful)
If this was the penalty I doubt they would ever have a large scale data breach again. It would also all put the other incompetent bloated internet giants on notice they must take security seriously or they will suffer significant pain.
Since none of the high up mucky-mucks will ever go to jail over any of their screw ups, the only way to make them toe the mark is to hit them in their pocket books. Nothing else matters to them.
Re: How about a per account fine? (Score:2)
Just a basic profile scraping (Score:2)
All the more reason... (Score:2)
Just glad (Score:1)
I doubt it's the first time (Score:2)
Several years ago I started getting spam sent to facebook@mydomain. The only database I ever put that address into was Facebook's. So either the database has been stolen before, or someone "guessed" the address (which isn't necessary that hard, since if I make an account at yourcompany, I told you my address is yourcompany@mydomain, so that might inspire you to "frame" Facebook).
This is all the data (Score:2)
Re: (Score:1)
"To continue install the Browser Add-On" ... yeah sure ...
Breaches will happen, why must we care so badly? (Score:2)
My ph# is also in yellow pages et al. My BD? Even my SN? We should not care to keep these secret as these should not be critical for anything.
Granted that some may want to hide their birth dates but...should they even if you equal digital presents to physcal presents, where signs of age are recoognizable...
I do want a transition to me-is-me (digitally signed somehow, block chain verifiable or whatever, finger print/iris scan/dna scan) and not me-is-my-SN or me-is-my-BD! And then FB and others will not need
Let me get this straight... (Score:1)