According to a security analyst, the sensitive personal information of more than 500 million Facebook users has been leaked on a popular hacking forum today, posing a potential risk to millions of cryptocurrency traders and holders, who may now be vulnerable to sim card swaps and other identity-based attacks.
The leaked information includes phone number, Facebook ID, full name, location, previous locations, date of birth, email address, relationship status, and biography.
The information was discovered by Alon Gal, chief technology officer at security firm Hudson Rock, who tweeted about the leak.
https://twitter.com/UnderTheBreach/status/1378314424239460352
According to Gal, the leak is related to a security vulnerability first discovered in 2019. In January 2021, it was learned that hackers were able to use the information to access users’ phone numbers; the leak has now expanded to include “Phone number, Facebook ID, full name, location, previous location, date of birth, (sometimes) email address, account creation date, relationship status, biography.”
According to Gal, the information could now allow hackers and scammers to deploy a variety of social manipulation exploits and other nefarious tactics. “Malicious people will undoubtedly use the information for social engineering, scamming, hacking, and marketing.”
https://twitter.com/UnderTheBreach/status/1378315550103863298
Cryptocurrency users are particularly at risk from such attacks. Earlier this year, a victim of a sim card swap attack sued mobile carrier T-Mobile for $450,000, and in 2018 Kaspersky Labs discovered that hackers were able to steal 21,000ETH, currently valued at more than $43 million, in social engineering attacks over 12 months.
The scale of the data breach is also much larger than the Ledger breach late last year. Shortly after the information of more than 270,000 users was leaked online, users reported extortion threats and considered suing the e-wallet company, Cointelegraph noted.