Phone numbers for 533 million Facebook users leaked on hacking forum

A threat actor has published the phone numbers and account details for an estimated 533 million Facebook users, about a fifth of the entire social network’s user pool, on a publicly accessible cybercrime forum.

According to samples reviewed by The Record today, the leaked data includes information that users posted on their profiles. Information leaked today includes Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and anything else users might have entered in their profiles.

Furthermore, the database also contains phone numbers for all users, information that is not always public for most profiles. A cursory review from The Record found multiple phone numbers for users that had not made their number public on the site.

The data is currently being offered in 106 separate download packages, with the data split on a per-country basis.

While the forum is publicly accessible and anyone can register a profile, the download links for these packages are only available to users who bought forum credits.

Reached for comment, Facebook confirmed the leak, which, according to the company, took place two years ago.

“This is old data that was previously reported on in 2019,” a Facebook spokesperson told The Record. “We found and fixed this issue in August 2019.”

At the time, an attacker abused a vulnerability in the Facebook contacts importer feature to supply the Facebook platform with a list of phone numbers and get a match for existing profiles, allowing the attacker to link random phone numbers to specific users.

The attacker collected data in 2019 until Facebook detected the automated process and cut off their access.
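As an added illustration (not code from the article, The Record, or Facebook), the sketch below shows one heuristic a platform could run over contact-import logs to spot the kind of automated phone-number matching described above: an account that uploads many numbers that sit next to each other in number space. The function names, thresholds, and log records are assumptions constructed for this example.

```python
from collections import defaultdict

def sequential_density(numbers):
    """Fraction of uploaded numbers whose immediate successor was also uploaded.

    A real address book is sparse in number space (density near 0); a
    generated range submitted for matching is dense (density near 1).
    """
    ints = {int(n) for n in numbers}
    if len(ints) < 2:
        return 0.0
    adjacent = sum(1 for n in ints if n + 1 in ints)
    return adjacent / (len(ints) - 1)

def flag_enumeration(events, min_numbers=50, min_density=0.5):
    """Return {account: (distinct_numbers, density)} for suspicious uploaders.

    events: iterable of (account_id, phone_number) contact-import records.
    Thresholds are illustrative assumptions, not values used by any platform.
    """
    per_account = defaultdict(set)
    for account, number in events:
        digits = "".join(ch for ch in number if ch.isdigit())
        if digits:
            per_account[account].add(digits)
    flagged = {}
    for account, numbers in per_account.items():
        density = sequential_density(numbers)
        # Require both volume and density so one large, sparse address
        # book is not flagged on size alone.
        if len(numbers) >= min_numbers and density >= min_density:
            flagged[account] = (len(numbers), round(density, 2))
    return flagged

# Constructed sample log (fictional reserved numbers): one ordinary
# address book and one account uploading a contiguous generated range.
SAMPLE_EVENTS = (
    [("acct-normal", n) for n in ("+44 7700 900123", "+44 7700 900456",
                                  "+44 20 7946 0018", "+44 113 496 0999")]
    + [("acct-bulk", f"+1 202 555 01{i:02d}") for i in range(100)]
)

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_EVENTS))
```

Density alone does not catch lists that are shuffled or drawn from real subscriber data, so a production control would pair it with per-account and per-network rate limits on contact matching.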

While the data appears to have been sold in private, it was also used as the backend of a Telegram bot launched in January 2021 that allowed anyone to retrieve the phone number and account details for Facebook users for a small fee.

With the data now entering the public domain, there is a real danger that this information will be widely disseminated among low-skilled cybercriminals who may abuse it for email or SMS spam, robocalls, extortion attempts, threats, harassment, and more.

Below is a breakdown of the data, per country, as provided by the leaker.

  1 Afghanistan 558,393
  2 Africa 14,323,766
  3 Angola 50,889
  4 Albania 506,602
  5 Algeria 11,505,898
  6 Argentina 2,347,553
  7 Austria 1,249,388
  8 Australia 7,320,478
  9 Azerbaijan 99,472
  10 Bahrain 1,450,124
  11 Bangladesh 3,816,339
  12 Belgium 3,183,584
  13 Bolivia 2,959,209
  14 Botswana 240,606
  15 Brazil 8,064,916
  16 Brunei 213,795
  17 Bulgaria 432,473
  18 Burkina Faso 6,413
  19 Burundi 15,709
  20 Cambodia 2,838
  21 Cameroon 1,997,658
  22 Canada 3,494,385
  23 Chile 6,889,083
  24 China 670,334
  25 Colombia 17,957,908
  26 Costa Rica 1,464,002
  27 Croatia 659,115
  28 Cyprus 152,321
  29 Czech Republic 1,375,988
  30 Denmark 639,841
  31 Djibouti 14,327
  32 Ecuador 310,259
  33 Egypt 44,823,547
  34 El Salvador 4,779
  35 Estonia 87,533
  36 Ethiopia 12,753
  37 Fiji 5,364
  38 Finland 1,381,569
  39 France 19,848,559
  40 Georgia 95,193
  41 Germany 6,054,423
  42 Ghana 1,027,969
  43 Greece 617,722
  44 Guatemala 1,645,068
  45 Haiti 15,407
  46 Honduras 16,142
  47 Hong Kong 2,937,841
  48 Hungary 377,045
  49 Iceland 31,343
  50 India 6,162,450
  51 Indonesia 130,331
  52 Iran 301,723
  53 Iraq 17,116,398
  54 Ireland 1,449,919
  55 Israel 3,956,428
  56 Italy 35,677,323
  57 Jamaica 385,890
  58 Japan 428,625
  59 Jordan 3,105,988
  60 Kazakhstan 3,214,990
  61 Kuwait 4,468,134
  62 Lebanon 1,829,661
  63 Libya 4,204,514
  64 Lithuania 220,160
  65 Luxembourg 188,201
  66 Macao 414,228
  67 Malaysia 11,675,894
  68 Maldives 86,337
  69 Malta 115,366
  70 Mauritius 848,558
  71 Mexico 13,330,561
  72 Moldova 46,237
  73 Morocco 18,939,198
  74 Namibia 409,356
  75 Netherlands 5,430,388
  76 Nigeria 9,000,131
  77 Norway 475,809
  78 Oman 5,048,532
  79 Palestine 3,367,576
  80 Panama 1,502,310
  81 Peru 8,075,317
  82 Philippine 879,699
  83 Poland 2,669,381
  84 Portugal 2,277,361
  85 Puerto Rico 130,586
  86 Qatar 2,526,694
  87 Russia 9,996,405
  88 Saudi Arabia 28,804,686
  89 Serbia 162,898
  90 Singapore 3,073,009
  91 Slovenia 229,039
  92 South Korea 121,744
  93 Spain 10,894,206
  94 Sudan 9,464,772
  95 Sweden 1,092,140
  96 Switzerland 1,592,039
  97 Syria 6,939,528
  98 Taiwan 734,807
  99 Tunisia 39,526,412
  100 Turkey 19,638,821
  101 Turkmenistan 16,279
  102 United Arab Emirates 6,978,927
  103 United Kingdom 11,522,328
  104 Uruguay 1,509,317
  105 USA 32,315,282
  106 Yemen 4,617,359
 Total 533,313,128

Article updated with comment from Facebook and details about the vulnerability exploited by attackers.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.
