899,629 accounts are from the Philippines
In 2019, social media giant Facebook found and fixed a vulnerability that allowed hackers to download more than 533 million user account details. It was then offered for sale on the dark web. Just last week, the issue reemerges online when someone posted more than 533 million user accounts including the 899,629 users from the Philippines. This time it's publicly available for free. To download the database in text format, you need to give eight credits to get the link. When you post or share something on the hacker forum, you get credits that you could use to download files from the forum. You can also download the whole database by buying credits. For 8-Euro you could get 30 credits, enough to download the more than 533 million user details from 106 countries.
Facebook downplayed the incident saying that the database is dated 2019 and that the vulnerability was already fixed. Cybersecurity practitioners however said that names don't expire, birthdays don't change, phone numbers rarely change and marital status are permanent to many.
To check the authenticity of the file, I randomly searched for the names of my Facebook friends, and true enough I found many of them. I got the file from a security researcher who's closely monitoring this incident. I then sent a message to my affected FB friends informing them of the availability of their details online. I first selected those I have no SMS connection in the past years and to my surprise, all of them are still using the same phone numbers.
In the case of users with similar names, anyone could verify if the details belong to the person he is looking for by checking the Facebook ID, just append the number on the URL of Facebook and if it goes to that person's Facebook page, then you got the phone number and other details including names, locations, birthdays, some bios and some even with email addresses.
Some well-known Pinoys that I know are also on the list and I messaged them one by one informing them of the availability of their information to the public. While many of them said that the information was already public even without the leak, some of them are still worried about the fact that their phone numbers and other detials are now publicly accessible.
A friend asked me what he could do about it. I said, nothing. The data is now out in the open and we could not do anything about it. Facebook however while downplaying this incident needs to inform affected users and warn them of possible fraud that could happen as a result of this leak. There are 879,699 users affected in the country, I hope at least one would complain about the negligence of FB to the National Privacy Commission.
By the way, when I checked, my name is on the list. It however contains a fake phone number, location, and birthday.