The personal information of about half a billion Facebook users, including their phone numbers, have been posted to a website used by hackers, cybersecurity experts say.
There are records for more than 32 million accounts in the United States, 11 million in the United Kingdom, and 6 million in India, according to Alon Gal, the CTO of cyber intelligence firm Hudson Rock.
Details in some cases include full name, location, birthday, email addresses, phone number, and relationship status, he said.
Hudson Rock showed CNN Business the phone numbers of two our senior staff which are included in the database.
The leak was first reported by the news website Insider.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” Facebook spokesperson Andy Stone told CNN Saturday.
Facebook did not say if it notified affected users at the time.
Stone added, “In 2019, we removed people’s ability to directly find others using their phone number across both Facebook and Instagram - a function that could be exploited using sophisticated software code, to imitate Facebook and provide a phone number to find which users it belonged to.”
Although this data is from 2019 it could still be of value to hackers and cyber criminals like those who engage in identify theft.
Hudson Rock’s Alon Gal pointed out on Twitter that the way the data was sorted and posted on the hacking site this week makes it far more accessible for criminals to exploit.
Rachel Tobac, an ethical hacker and CEO of SocialProof Security, told CNN, “These are the pieces of data cyber criminals spend time searching for to perform social engineering attacks (a type of hacking) — but now they’re all in one place and easily accessible in this leak, which makes social engineering quicker and easier.”