According to a security expert, confidential personal details for over 500 million Facebook users was leaked earlier today on a common hacker website, posing a danger to millions of cryptocurrency traders and hodlers who are now exposed to sim swapping and other identity-based assaults.
The cache of data was discovered by Alon Gal, CTO of security company Hudson Rock, who announced the leak on Twitter earlier today:
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
According to Gal, the leak is linked to a security flaw found in 2019. In January 2021, it was revealed that hackers were able to use the data to reach users’ phone numbers; the leak has now extended to include “Phone number, Facebook ID, Full name, Place, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.”
According to Gal, the details could now be used by hackers and scammers to deploy a wide range of social exploitation exploits and other sinister tactics:
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.”
Cryptocurrency users are particularly vulnerable to such threats. Earlier this year, a survivor of a sim-swapping attack sued T-Mobile for $450,000, and Kaspersky Labs learned in 2018 that hackers were able to snatch 21,000 ETH, which is now worth more than $43 million, in social engineering attacks over a 12-month stretch.
The data leak is also orders of magnitude greater than the Ledger breach, which occurred late last year. Shortly after the details of over 270,000 users was leaked online, users claimed ransom threats and considered filing litigation against the hardware wallet firm.
146 Interactions, 2 today