More than 7 million Australian Facebook accounts are caught up in a privacy breach which includes personal data posted publicly including phone numbers and email addresses.
A user posted a trove of data on accounts including phone numbers, email addresses, Facebook IDs, gender, location, profile name, and more.
According to security researcher Troy Hunt, 7.3 million Australian accounts were caught up in the leak. Of those, there were 37,000 with email addresses attached.
I actually couldn't find any of my own or my family's data in the Australia file which has 7.3M rows. Having said that, I'm hearing from other trustworthy sources that the data is legit and that seems a reasonable assumption to work on for now.
— Troy Hunt (@troyhunt) April 3, 2021
Facebook confirmed that the reports about the privacy breach were correct, but downplayed its newsworthiness.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” Facebook’s director of strategic response communications Liz Bourgeois said on Twitter.
A company spokesperson said that the data was scraped from the platform in 2019 via a vulnerability that has since been closed.
For an indication about how well things are going for Facebook at the moment, this wasn’t even their only privacy breach in 2019 affecting hundreds of millions of users.
While knowledge of the hack itself may be stale, the public availability of the data is new. Seemingly for the first time, the data contained in this breach are viewable by anyone with a web browser.
It’s true that some aspects of the data may be less relevant after a few years. But names attached to email addresses and phone numbers are extremely useful for anyone planning nefarious deeds. Some users are even alleging that they’ve seen an uptick in spam calls and emails but it’s impossible to verify if this leak is the cause of that.