More than three million Belgians are among 533 million Facebook users whose private information has been posted online in a hackers’ forum, Business Insider reports.
The information posted contains phone numbers, full name, email addresses and in some cases private information such as gender and marital status. Security experts warn it could be used to impersonate the people listed and steal their identities.
For example, telephone numbers are often used in two-step verification systems, where subscribers can only log in to an account by responding to a text message. Using the information listed, a thief could obtain a SIM card with using the name and number and hijack the users’ accounts.
The breach affects 533 million Facebook users in 106 countries, including 32 million in the US, 11 million in the UK and six million in India.
The Belgian list contains precisely 3,183,584 listings, including individuals and professional pages.
- Belgium's Crisis Centre warns of scam involving vaccination papers
- Warning: Scammers targetting PayPal customers in Belgium
- 'Fake profiles': Belgians warned for 'fraudulent' dating site InstaMatch
According to Insider, Facebook explained that the data comes from a vulnerability that was patched in 2019. In the meantime, however, it has been compiled into a country-by-country database, easily obtainable without venturing on to the Dark Web, and able to be downloaded with a couple of mouse clicks.
The country file takes the form of a text file – in Belgium’s case 97.5MB in size. Difficult to read with over three million lines, but perfectly simple to search.
The appearance of the leaked data was discovered yesterday by Alon Gal, chief technical officers of cybercrime intelligence company Hudson Rock.
"A database of that size containing the private information such as phone numbers of a lot of Facebook's users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Gal told Insider.
All 533,000,000 Facebook records were just leaked for free.This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8 — Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
The Brussels Times