The phone numbers of over 9 million Nigerians have been exposed in the latest data breach of Facebook and is being widely circulated online.
The compromised records, which experts say are being sold on hacking platforms and will be used to commit cybercrime, represent 32.8 per cent of the total number of Nigerians with accounts on Facebook.
As of the end of 2020, about 27.46 million Nigerians have their accounts on Facebook.
Other details in the personal data obtained by BizWatch Nigeria include full name, location, place of work, birthday, email addresses (sometimes), phone number, relationship status and account creation date.
The latest breach led to the exposure of the personal information of about 533 million Facebook users in 106 countries, including their phone numbers, which were posted to a website used by hackers, cybersecurity experts say.
Meanwhile, Facebook has downplayed the significance of the leak, saying it was fixed two years ago.
Facebook spokesperson, Liz Shepherd, in a tweet on “This is old data that was previously reported on in 2019,”. “We found and fixed this issue in August 2019.”
The Chief Technology Officer of Hudson Rock, a cyber intelligence company, Alon Gal, said there are records of 44.8 million accounts in Egypt, 18.9 million in Morocco, 19.8 million in France, 32 million in the United States and 11 million in the United Kingdom and 3.5 million in Canada.
BizWatch Nigeria reviewed some of the leaked data by searching for some of the profiles on Facebook using their names and Facebook ID contained in the data set.
We also verified records by testing the phone numbers in the data set using Truecaller, which revealed the names that matched those in the Facebook data.
The first fives names in the dataset reviewed by BizWatch Nigeria include Oriyomi Olatunji, Pius Emmanuel Jaydim, Masoyi Nuhu, Esther Isaac and Wrightflex Wright.
Gal pointed out that bad actors will certainly use the information for social engineering, scamming, hacking and marketing.
According to him, the leaked data was first revealed in 2020 when a vulnerability was exploited by hackers using a Telegram bot to expose the personal information of users.
He said, “All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data.”
“In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries.
“It was severely under-reported and today the database became much more worrisome.”
According to Gal, Facebook management has an obligation to notify all affected users as soon as possible.
This is not the first time Facebook user data has been leaked on the dark web.
In December 2019, 267 million Facebook User IDs, phone numbers and names were also exposed and discovered by an Ukrainian cyber threat researcher, Bob Diachenko. Forbes reported that the data was harvested by cybercriminals and sold for $540
In 2018, it was revealed that British political consulting firm Cambridge Analytica collected the personal data of millions of Facebook users.
In July 2019, Facebook was fined $5 billion (€4.2 billion) by the US Federal Trade Commission (FTC) for data privacy violations.