Hackers launched their latest attacks against security-robust organizations like Facebook and LinkedIn.
Cybercrime has never been so powerful or unstoppable. It’s a full-fledged business that generates very profitable returns and if only for that reason, it’s always going to find ways to thrive.
The personal information of about half a billion Facebook users, including their phone numbers, have been posted to a website used by hackers.
Details in some cases include full name, location, birthday, email addresses, phone number, and relationship status.
The leak was first reported by the news website Insider.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” Facebook spokesperson Andy Stone told CNN.
Stone added, “In 2019, we removed people’s ability to directly find others using their phone number across both Facebook and Instagram – a function that could be exploited using sophisticated software code, to imitate Facebook and provide a phone number to find which users it belonged to.”
According to Wired, this specific data breach hadn’t been fully disclosed in the past, though it is using old data.
The process the scrapers used, as Facebook notes, was based on the ‘Find my Friends’ feature, which used your phone contacts to connect you to people you know in the app when starting a new account. Hackers found that they could load basically every phone number in existence into their address book and Facebook’s system would simply assume these were friends, then provide them with access to their personal info. They then used this to scrape the data, which is what’s now being made available.
Although this data is from 2019 it could still be of value to hackers and cybercriminals like those who engage in identity theft.
The data was sorted and posted on the hacking site this week making it far more accessible for criminals to exploit.
Facebook has had other data scandals in the past like with Cambridge Analytica where some 1.1 million UK-based users had their personal details exposed.
Facebook was also the target of a data breach affecting up to 50 million users in September 2018.
Cyber News reported that personal data scraped from 500 million LinkedIn users was being made available for sale on various hacking forums.
In LinkedIn’s case, LinkedIn says that the available dataset includes ‘public information’ which had been scraped from the platform.
According to Cyber News, the full leaked archive contains full names, email addresses, phone numbers, workplace information, and more, stripped from the profiles of more than 500 million LinkedIn members.
Given the platform only has 740 million members in total, it is a huge chunk of its user base.
It’s unclear exactly how the hackers might have gained access to all of this data, but LinkedIn has said that it appears that the hackers have combined the scraped LinkedIn profile info “with data aggregated from other websites or companies.”
In addition to an archive of 500 million LinkedIn profiles that have been scraped, another 2 million records have been leaked as a proof-of-concept sample under which it mentions the 500 million profile bank.
The leaked information includes the full names, email addresses, phone numbers, and genders of LinkedIn members. The hacker has put up a price of around $2 to view the leaked samples of 2 million profiles. As for the 500 million profiles, the hacker has asked for a 4-digit amount which is expected to be in Bitcoin.
“This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review,” LinkedIn said in a statement.