The data of 533 million Facebook users, collected during a data breach suffered by the company in 2019, has been found on a public server. It had been circulating in cybercriminal circles for two years, but this appears to be the first time it has been freely accessible at no cost in this way. The leak was spotted on Saturday, April 3 by Alon Gal, CTO of the cybercrime firm Hudson Rock.
20 million French people affected
The data was shared as 106 files, each grouping the records of a single country. In France, nearly 19.85 million people, or half of the social network's French users, are affected by the leak. The data concerned includes names, identifiers, e-mail addresses and, above all, telephone numbers.
An extract of the hacked data
According to Troy Hunt, a computer security researcher and founder of the Have I Been Pwned platform, only 0.5% of those concerned have had their email address disclosed. Some records also show gender and location by country. This data could be used for targeted canvassing or scams.
Did Facebook keep its users well informed?
In January 2020, Facebook gave assurances that measures had been taken to “remove the ability for people to find other people using their phone number”. The flaw that gave rise to this leak was also closed in August 2019. But for many users, this data is still current and is now particularly exposed.
It should also be noted that Facebook did not bother to inform all the users concerned of this leak, even though the GDPR normally requires it to do so. Legal consequences therefore cannot be ruled out. To check whether a phone number or email address was included in these files, you can run a secure search on Have I Been Pwned.