The personal data of approximately 533 million Facebook users reemerged online for free on Saturday, including personal information such as full names, phone numbers, Facebook IDs, locations, bios, birth dates, and in some cases, email addresses, according to a Business Insider report. This is a reminder of the company’s ability to collect mountains of information and its struggles in protecting these sensitive assets.
“This is old data that was previously reported on in 2019,” a Facebook spokesperson wrote in an email statement, according to Bloomberg. “We found and fixed this issue in August 2019.”
At the time, the Mark Zuckerberg-led company addressed a flaw in its technology that allowed the information to leak out. However, once such data escape from Facebook’s network and floats into the wide array of the internet, the company has limited power to stop it from spreading online.
Alon Gal, Chief Technology Officer at Hudson Rock, a cybercrime intelligence firm, discovered the data again on Saturday.
Databases, especially if they are large or rare, aren’t often shared widely right away because “the people who hold it will attempt to monetize it for as long as they can,” Gal said in a message on Twitter. “The process sometimes takes years, sometimes days, but eventually all private databases leak if they were sold around.”
Data leaks such as these threaten to undermine Facebook’s business model that involves gathering a large amount of personal data and using that to sell targeted ads.
The information is widely accessible to anyone with rudimentary data skills as it is available for free on a hacking forum, Business Insider said. The publication verified a number of records by pairing known Facebook users’ phone numbers with the IDs listed. Other records were also confirmed by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.