Massive Facebook Data Leak Exposes 1.2 Billion User Records, Hacker Claims

A hacker claims to have leaked data from 1.2 billion Facebook users, including emails, phone numbers, and more. Researchers verified part of the sample, raising concerns about Meta’s data security and ongoing scraping issues.

In response to Cyber News, Facebook’s parent company, Meta, sent a brief message along with a link to a newsroom article from four years ago titled “How we combat scraping.”

“This assertion is not new. We revealed this years ago and have since taken action to stop such events from occurring,” a Meta representative stated.

Meanwhile, researchers looked into a data sample, added to the post by the attackers, that contained information on 100,000 distinct Facebook user records. Judging by the contents of the sample rather than the entire dataset, the data seems valid.

The team claims that the dataset consists of:

  • User IDs
  • Names
  • Email addresses
  • Usernames
  • Phone numbers
  • Locations
  • Birthdays
  • Genders

Researchers advise caution about the veracity of the attacker’s claim of “1.2 billion Facebook user records,” remarkable as it is. For starters, this is only the second post the attackers have ever made that contains alleged scraped Facebook records.

Although the quantity was substantially smaller, data purportedly collected from Facebook was also included in another attacker’s post. Researchers speculated that after publishing one post, they were able to extract further data to reach 1.2 billion entries.

If the Facebook data scrape were verified, it would mark another case of the social networking site’s user data being scraped in bulk. According to the team, this calls into doubt the company’s stance on the protection of consumers’ personal information.

Recurring incidents indicate a tendency toward reactive security measures as opposed to proactive ones, especially when it comes to safeguarding critical yet publicly accessible data. Millions may be vulnerable to phishing, scams, identity theft, and long-term privacy problems due to the absence of more robust protections and transparency, the researchers stated.

A dataset of that size can be used in a variety of ways by threat actors since it makes it simple for hackers to automate attacks, releasing hordes of bots that target each user in the dataset with minimal human intervention. Since malicious actors are aware that the email addresses in the dataset belong to Facebook members, they can utilise one of the several Facebook phishing methods to target Facebook users.

Threat actors frequently try to use APIs for malicious ends. Attackers targeted Shopify, GoDaddy, Wix, and OpenAI’s APIs earlier this year. Actors with financial motivations frequently try to misuse the same method to gain access to cryptocurrency wallets.

“A pattern of reactive rather than proactive security measures is evident in repeated incidents, especially when it comes to safeguarding sensitive but publicly visible data.”

Since APIs enable communication between various services, the majority of well-known services would not be possible without them. Attackers, however, manage to leverage lawful APIs for malicious ends, such as retrieving significantly more data than the software applications were designed to do.

Facebook data scraping is not unheard of. For instance, Meta acknowledged last year that it had used publicly available Facebook and Instagram data to train its AI virtual assistant.

In 2021, however, a different hacker shared details about more than 500 million Facebook users, including locations and phone numbers. The Irish Data Protection Commission (DPC), the European Union’s top data privacy body, fined Meta €265 million ($266 million) for the leak.
