Contact number, Facebook ID, full name, place, previous locations, birthdate, email address, relationship status, and bio have all been leaked.
According to a security expert, confidential personal details for over 500 million Facebook users was leaked earlier today on a popular hacker website, posing a danger to millions of cryptocurrency traders and hodlers who are now exposed to sim swapping and other identity-based assaults.
The cache of data was discovered by Alon Gal, CTO of security company Hudson Rock, who announced the leak on Twitter earlier today:
According to Gal, the leak is linked to a security flaw found in 2019. In January 2021, it was revealed that hackers were able to use the data to reach users’ phone numbers; the leak has now extended to include “Phone number, Facebook ID, Full name, Place, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.”
According to Gal, the details could now be exploited by hackers and scammers to deploy a wide range of social exploitation exploits and other sinister tactics:
“Bad actors will undoubtedly use the knowledge for social engineering, scamming, hacking, and marketing.”
Cryptocurrency users are particularly vulnerable to such threats. Earlier this year, a survivor of a sim-swapping attack sued T-Mobile for $450,000, and Kaspersky Labs learned in 2018 that hackers were able to snatch 21,000 ETH, which is now worth more than $43 million, in social engineering attacks over a 12-month stretch.
The data leak is also orders of magnitude greater than the Ledger breach, which happened late last year. Shortly after the details of over 270,000 users was leaked online, users claimed ransom threats and considered filing litigation against the hardware wallet firm.