Earlier in the day, according to a security analyst, sensitive personal information of more than half a billion Facebook users was leaked into a crowded hacking forum – a potential risk to millions of cryptocurrency traders and hodlers who may now be vulnerable to SIM swapping and other identity-based to attack.
The wealth of information was first discovered by Alon Gal, CTO of security firm Hudson Rock, who posted on Twitter about the leak earlier today:
All 533,000,000 Facebook records have just been leaked for free.
This means that if you have a Facebook account, it is very likely that the phone number used for the account has been leaked.
– Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
According to Gal, the vulnerability is related to a security vulnerability first discovered in 2019. In January 2021, it was revealed that hackers could use the information to access users’ phone numbers; the leak has now been expanded to include “Phone number, Facebook ID, full name, location, past location, date of birth, (sometimes) email address, account creation date, relationship status, biography.”
According to Gal, the information could now enable hackers and scammers to deploy a variety of social manipulation exploits and other nefarioustactics:
“Bad actors will certainly use the information for social engineering, scams, hacking and marketing.”
Cryptocurrency users are particularly at risk from such attacks. A victim of a sim swapping attack earlier this year sued cell phone company T-Mobile for $ 450,000, and in 2018 Kaspersky Labs found that hackers could steal 21,000 ETH, currently worth more than $ 43 million, in social engineering attacks over a 12-month period.
The data breach is also orders of magnitude larger than the general ledger leak at the end of last year. Shortly after more than 270,000 user information was leaked online, users reported extortion threats and considered lawsuits against the hardware wallet company.