Digital transformation

Hackers claim to have stolen 1.2 billion Facebook user records.

Phan Van Hoa May 22, 2025 09:24

A group of hackers claims to have stolen a massive database of 1.2 billion user records from Facebook by exploiting a vulnerability in an application programming interface (API) of the social media platform operated by Meta.

This massive database surfaced on a forum dedicated to sharing leaked information, accompanied by a claim from the hacking group that it wasn't a collection of old records, but a completely new data trove. If verified, this could be one of the largest unauthorized user data breaches ever to occur against Facebook.

A research team at Cybernews analyzed a data sample comprising 100,000 unique Facebook user profiles, extracted from the attacker's original post. While this is only a small fraction of a dataset estimated to contain 1.2 billion records, the researchers say the information in this sample appears valid.

Ảnh minh họa
Illustrative image.

According to initial analysis, the data contains sensitive information fields such as user ID, full name, email address, username, phone number, location, date of birth, and gender, enough to create a serious privacy risk if exploited.

However, experts warn that caution is needed before confirming the authenticity of the entire claim. This is partly because this is only the second post by the attackers on the forum, and the previous post contained significantly less data.

"It's possible they initially tested the data with a small sample, then continued collecting or aggregating it to increase the number to 1.2 billion records," the research team noted.

If this claim is confirmed, it would be one of the largest user data leaks ever recorded on the Facebook platform, further raising questions about how Meta protects users' personal information.

“The series of incidents shows that Facebook is implementing security measures that are more reactive than proactive, especially for sensitive data that is still publicly accessible. The lack of robust safeguards and necessary transparency not only erodes trust but also puts millions of users at risk of fraud, identity theft, and long-term privacy consequences,” the Cybernews report emphasized.

With a scale of up to 1.2 billion records, the leaked dataset could become an extremely dangerous tool in the hands of cybercriminal groups. Possessing a large volume of email addresses, phone numbers, and verified personal information from Facebook users makes it easy for attackers to automate phishing campaigns and target victims on a large scale.

Instead of requiring manual intervention, these campaigns can be deployed using automated robots that generate millions of fake messages, malicious messages, or fake login requests, personalized based on collected data.

Knowing that the email addresses on the list are actually linked to Facebook accounts makes the scams even more convincing. Hackers can target individual users with sophisticated phishing campaigns, impersonating Facebook or related services to steal login credentials, take control of accounts, or commit financial fraud.

According to security experts, API abuse is an increasingly common tactic used by threat actors. In the first half of this year, many major platforms such as Shopify, GoDaddy, Wix, and OpenAI have been targeted by API exploitation attacks.

Financially motivated attack groups even use similar techniques to illegally access cryptocurrency wallets, or collect personal data from systems that are not adequately protected.

APIs are an integral part of modern digital infrastructure, enabling various services to interact and share data. However, this very flexibility makes APIs a vulnerability if not tightly controlled. Attackers can exploit legitimate APIs to extract data at a speed and scale far exceeding the developers' original intentions.

The unauthorized collection of Facebook data is nothing new. Last year, Meta itself admitted to using publicly available data from Facebook and Instagram to train its AI virtual assistant, a move that sparked considerable controversy regarding privacy rights.

Previously, in 2021, another major data leak involving over 500 million Facebook users, including phone numbers and locations, resulted in the company being fined €265 million by the Irish Data Protection Commission (DPC).

"Repeated incidents show that Facebook and many other platforms are still maintaining a reactive rather than proactive security model, especially when it comes to controlling publicly available but sensitive data," the research team warned.

The research team stated: “Without rigorous defense mechanisms and necessary transparency, user trust erodes and millions become potential targets of scams, fraud, or even identity theft.”

Source: Cybernews
Copy Link
0 0 0
x
Hackers claim to have stolen 1.2 billion Facebook user records.
Google News
POWERED BYFREECMS- A PRODUCT OFNEKO