A total of 106 countries, including India, have been affected by the breach. Leaked data includes personally identifiable information and data of Facebook users, such as full name, email ID, location, bio, and more.
An estimated 6,162,450 users from India have been affected by the breach and are at risk of bad actors misusing the available data. Alon Gal, Co-Founder & CTO of Hudson Rock, a cybersecurity firm, was the first to alert about the breach, in January 2021, when the data was up for sale. The news of the Facebook users' data being available for sale was first reported by Motherboard, the tech arm of Vice, back in January.
The portal had tested the bot and confirmed the database contained the number of a real Facebook user. The prices stretch from 20 USD to 5,000 USD, and the data can be obtained through a credit points system: anyone can purchase credits and then use the credits to buy phone numbers.
Gal had previously mentioned he first found the vulnerability around early 2020, but it went severely under-reported. As of April 3, the data of all 533,000,000 users affected by the breach has now been leaked for free. The phone number of Mark Zuckerberg appears to be exposed in the data leak too.
Along with the users' PII, gender, relationship status, current location, past location information, birth date, and more information from the Facebook accounts are also available in several cases.
Liz Bourgeois, Director - Strategic Response Communications, Facebook, acknowledged the breach, saying, "This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019".
However, the "old data" may predominantly comprise users' current data, since information such as name, date of birth, email IDs, and phone numbers is generally not changed frequently.
Phone numbers are often linked to bank accounts or any other financial or sensitive activities. It is advisable to remove one’s phone number from the Facebook account, in light of the breach. Users can remove their phone number by following these steps.