NEW DELHI: Personal details such as phone numbers of around 6.1 million (61 lakh) Indians on Facebook have allegedly been leaked online and posted on hacking forums, according to a cybersecurity executive.
According to Alon Gal, co-founder and chief technical officer of cybersecurity firm Hudson Rock, personal data of 533 million Facebook users globally – including names, phone numbers and other details – was allegedly leaked online and posted for free on hacking forums.
“All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked,” Gal has said in a tweet flagging the issue.
A list of countries that was shared in the tweet, showed that information of 6.1 million users from India, 32.3 million from the US, 11.5 million from the UK and 7.3 million from Australia, was part of the leaked data.
When contacted, a Facebook company spokesperson said: “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019”.
Gal said in early 2020, a vulnerability – which enabled seeing the phone number linked to every Facebook account – was exploited, creating a database containing the information of 533 million users across all countries.
He added that details include phone number, Facebook ID and full name and “bad actors will certainly use the information for social engineering, scamming, hacking and marketing”.
In the past too, Facebook – which had 2.80 billion monthly active users (MUAs) as of December 31, 2020 – has faced challenges around data security.
In March 2018, Facebook data of over 5.62 lakh Indians was allegedly compromised as UK-based Cambridge Analytica had accessed information of about 87 million users globally.
India is among the biggest markets for Facebook and its group companies, WhatsApp and Instagram.
According to government data, India has 53 crore WhatsApp users, 41 crore Facebook users, and 21 crore users of Instagram.
Recently, the Indian government tightened rules governing social media, requiring them to take down contentious content quicker, appoint grievance redressal officers and assist in investigations.
The rules, announced in February, have been designed to curb misuse of social media platforms, mandate that platforms appoint executives to coordinate with law enforcement, remove contentious content flagged by the government or legal order quickly and that user grievances be resolved within 15 days.
The government is also crafting data protection law to ensure privacy, safety and security of user data.
These include provisions around the handling of data of adults and minors, storage within the Indian borders and penalties for non-compliance.