533 million Facebook users’ phone numbers leaked on hacker forum

533 million Facebook users’ phone numbers leaked on hacker forum


The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free.

The stolen data first surfaced on a hacking community in June 2020 when a member began selling the Facebook data to other members. What made this leak stand out was that it contained member information that can be scraped from public profiles and private mobile numbers associated with the accounts.

The initial sale of Facebook data in June 2020
The initial sale of Facebook data in June 2020
Source: BleepingComputer

The sold data included 533,313,128 Facebook users, with information such as a member’s mobile number, Facebook ID, name, gender, location, relationship status, occupation, and email addresses.

From samples of the Facebook data seen by BleepingComputer, almost every user record contains a mobile phone number, a Facebook ID, a name, and the member’s gender.

Below is a small sample of USA records showing the redacted mobile numbers starting with New York’s 917 mobile area code.

Sample of leaked USA Facebook members with mobile numbers
Sample of leaked USA Facebook members with mobile numbers
Source: BleepingComputer

According to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, it is believed that threat actors exploited a now-patched vulnerability in Facebook’s “Add Friend” feature that allowed them to gain access to member’s phone numbers. 

It is unknown if this alleged vulnerability allowed the threat actor to retrieve all of the information in the leaked data or just the phone number, which was then combined with information scraped from public profiles.

After the initial sale of the data, which is believed to be for $30,000, another threat actor created a private Telegram bot that allowed other threat actors to pay to search through the Facebook data. 

Facebook data leak released for free

Today, this Facebook data leak has been released for free on the same hacker forum for eight site ‘credits,’ a form of currency on the hacker forum, equal to approximately $2.19.

While data breaches are initially sold in private sales for a high price, it is common for them to be sold for lower and lower prices until they are eventually released for free as a way of earning reputation within the hacker community.

“As is the case every time, people began to sell for cheaper and cheaper until it leaked for free,” Gal told BleepingComputer in a conversation.

Data leak shared for free on Hacker Forum
Data leak shared for free on Hacker Forum
Source: BleepingComputer

The top 20 countries where members were exposed in this leak are listed below:

Country Number of users
Egypt 44,823,547
Tunisia 39,526,412
Italy 35,677,323
USA 32,315,282
Saudi Arabia 28,804,686
France 19,848,559
Turkey 19,638,821
Morocco 18,939,198
Colombia 17,957,908
Iraq 17,116,398
Africa 14,323,766
Mexico 13,330,561
Malaysia 11,675,894
United Kingdom 11,522,328
Algeria 11,505,898
Spain 10,894,206
Russia 9,996,405
Sudan 9,464,772
Nigeria 9,000,131
Peru 8,075,317

Data can be used to conduct attacks

This release has been met with enthusiasm by other threat actors on the hacker forum as they can use it to conduct attacks on the people listed in the data leak. 

For example, threat actors can use email addresses for phishing attacks and mobile numbers for smishing (mobile text phishing) attacks. 

Threat actors can also use mobile numbers and leaked info to perform SIM swap attacks to steal multi-factor authentication codes sent via SMS.

It is advised that all Facebook users be wary of strange emails or texts requesting further information or telling you to click on enclosed links.

BleepingComputer has contacted Facebook about the data leak but has not received a response at this time.

You May Also Like…