1.5 Billion Facebook Users' Personal Information Allegedly Posted for Sale

Personal information from roughly 1.5 billion worldwide Facebook users was allegedly put up for sale following a recent leak.

A member of a known forum for hackers claimed to be in possession of the information in late September and offered to sell it in chunks to others on the forum, according to a report from Privacy Affairs. One user claimed to have gotten a quote of $5,000 for the information of 1 million users.

The user allegedly in possession of the leaked information claimed that it included the following for each Facebook account: name, email address, location, gender, phone number and user ID.

facebook leaked info
The data of 1.5 billion Facebook users may have been leaked. Above is a Facebook logo seen on a smartphone screen. Chesnot/Getty Images

Samples shared by the user appear to have been authentic, according to Privacy Affairs. The outlet also checked the information against previous leaks and found that alleged info was a legitimately new leak, not old data being resold. The hacker claimed to be in charge of a four-year-old data scraping operation with 18,000 clients.

However, several users on the forum reported that they had not received anything after sending money to the original poster. This could indicate that the alleged leak was, in fact, a scam, or that the alleged holder of the data was running late.

"We're investigating this claim and have sent a takedown request to the forum that's advertising the alleged data," Jason Grosse, a Facebook company spokesperson, told Newsweek in a statement.

Grosse also directed Newsweek to other reports highlighting the probability that the "leak" was actually a scam.

If the information was actually obtained via data scraper, then no actual accounts are likely to have been compromised yet. Accounts could still be accessed if the data was acquired by the right sort of cybercriminals. It is also possible that it could be acquired by marketing operations and used to push certain ads on affected users.

A similar data leak occurred in the spring and affected roughly 533 million users from 106 countries. The information was found to be legitimate by outlets like Business Insider, who used Facebook's password reset feature to partially confirm the phone numbers associated with certain emails.

This latest alleged hack comes around the same time that Facebook and its subsidiary platforms, Instagram and WhatsApp, suffered a sustained outage. Users around the world began reporting their inability to access the services early on Monday. As of shortly before 4 p.m. ET, the sites remained inaccessible.

"We're aware that some people are having trouble accessing our apps and products," Facebook said on its official Twitter account. "We're working to get things back to normal as quickly as possible, and we apologize for any inconvenience."

Internet analyst Doug Madory said that Facebook's issues might have stemmed from Domain Name System route withdrawals, preventing browsers from properly translating web addresses into IP addresses.

Correction (10/4/2021, 7:30 p.m.): An earlier version of this story's headline referred to a hack, however, this has not been confirmed. It is currently believed the data was obtained by scraping publicly available information.

Update (10/5/2021, 12:35 p.m.): Added response from a Facebook spokesperson.