Facebook has been hit with a data breach involving the information of 533 million accounts.
According to Insider, the data was found on a hacking forum over the weekend and includes phone numbers, Facebook IDs, full names, locations, birthdates, bios and email addresses.
Facebook has since confirmed that this data is from several years ago and the leak is the result of a security flaw that was patched in 2019.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” the company said in a statement.
And while the data might be old, there are still concerns that the availability of this information online could pose a security threat to millions of people.
Creator of website Have I Been Pwned Troy Hunt confirmed that of the over 500 million email addresses found, around 2.5 million are unique email addresses.
Hunt said that this lack of email addresses would make it difficult for a hacker to resolve identities en masse.
However, he said the number of phone numbers present mean the data is “gold” for spam based on phone number alone.
“Not just SMS, there are heaps of services that just require a phone number these days and now there’s hundreds of millions of them conveniently categorised by country with nice mail merge fields like name and gender,” he said on Twitter.
Users have since rushed to Have I Been Pwned to find out whether or not their data has been compromised in the breach.
Hunt revealed that traffic to the site was up six times from normal traffic when news of the leak broke.
This is not the first time this exact dataset has been shared online.
Earlier this year, Motherborard revealed that a hacker’s forum was selling access to this same dataset and allowing people to look up phone numbers using an automated Telegram bot.