A massive data leak has potentially exposed 11,675,894 Malaysian phone numbers linked to Facebook accounts.
This was part of an alleged data leak of 533 million Facebook accounts. At the time of writing, Facebook has not officially acknowledged this leak.
The leak was brought to prominence by Israeli cybersecurity company Hudson Rock co-founder Alon Gal.
So far, Facebook director of strategic response communications, Liz Bourgeois, said on Twitter that the leak was “old data that was previously reported in 2019” and was fixed.
However, independent checks by Malaysiakini of a small fraction of the leaked numbers verified that most of those numbers are legitimate.
The Malaysian portion of the leak was arranged according to phone numbers, starting with the 010 prefix and ending with 019.
The exposed phone numbers included those of very prominent people and also Malaysiakini staff.
The leak comes as a potential security risk, especially since Malaysian banks require customers to use SMS TAC code authentication system, which is susceptible to SMS spoofing.
SMS spoofing is a common technique to intercept SMS messages.
Many online accounts, including Facebook, use SMS for two-factor authentication.
Other information contained in the leak includes unique ID numbers for each Facebook account.
Some entries included marital status, place of work, and current location. – Malaysiakini