Facebook Hacked! | 553 million of Facebook users' personal data leaked on Hacker forum

The Full names, phone numbers,emails, locations and biographical information of 553 million of Facebook users were posted in a low-level hacking forum last April.

 

 The data exposed belong to Facebook users from at leats 106 countries, including 11 millions from UK. The leaked data was expose after a vulnerability related with the "add friend" feature was exploited in 2019. The same year after the attack the feature was patched and the issue fixed. 

The vulnerability allowed the criminal to obtain all of the information of the Facebook's databases. Then, to combine the leaked data to make it match with the people's profile information.

A data breach cause by a vulnerability on a website could be avoid with a proper auditory. Addressing all the vulnerabilities found to the developers, allowing them to correct the issue.

Facebook assumes that the 2021 leaked data was obtained from a previous data security breach in 2019, before the vulnerability was patched. On that time, the information was sold for around $30.000 to a third criminal. This third criminal start to sell the data to anyone who want to buy it using a telegram bot. It is presumable that  the data published on the forum for free was obtain from these sources.

The American FTC(Federal Trade Commission) concluded that:"Facebook used deceptive disclosures and settings to undermine users' privacy preferences", after an investigation committed in July 2019. Due to this investigation and the later data security breach, Facebook was sentence to pay a $5 billion fine. 

The user are probably going to feel the consequences of this data security breach. It is fair to assume that the data leaked will lead to further attacks. Well orchestrated phishing and smishing attacks towards those users are expected. The criminal can use the information gathered to target the phishing campaigns more efficiently.