Brinztech Alert: 35 Million Phone Numbers of Facebook Italy Users on Sale

Dark Web News Analysis: 35 Million Facebook Italy User Phone Numbers on Sale

A massive database containing the names and mobile phone numbers of 35 million Italian citizens, allegedly sourced from Facebook, is being offered for sale on a hacker forum. This leak poses a direct and immediate threat of large-scale, mobile-based scams to a huge portion of the Italian population. The compromised data provides a simple but powerful toolkit for criminals to conduct widespread fraud. The information for sale reportedly includes:

• PII and Contact Info: Full names and mobile phone numbers.
• Record Count: 35 million records of Italian citizens.

Key Cybersecurity Insights

A geographically concentrated database of names and mobile numbers is the perfect fuel for nationwide smishing and vishing campaigns.

• A “Targeting Package” for Nationwide Smishing Campaigns: A verified list of 35 million phone numbers linked directly to the full names of Italian citizens is a goldmine for mobile scammers. This data will be immediately used to launch massive, nationwide SMS phishing (smishing) campaigns. These campaigns will impersonate well-known Italian brands, banks, postal services, or government agencies to trick millions of people into clicking malicious links and compromising their personal information.
• A Nation-Scale Breach Impacting a Majority of the Population: With a population of around 60 million, a database of 35 million users represents a huge percentage of the entire country. The sheer scale of this leak means that nearly every mobile phone user in Italy is now at a heightened risk of receiving these targeted scam messages.
• Likely Part of the 2021 Facebook Data Scraping Incident: This data is almost certainly from the widely reported 2021 incident where the data of over 500 million Facebook users was scraped due to a vulnerability. While the data itself is a few years old, personal information like names and phone numbers is largely permanent, making it just as dangerous and effective today for launching smishing and vishing (voice phishing) attacks as it was then.

Critical Mitigation Strategies

As this data is already in circulation, the primary defense lies in public awareness and individual vigilance against the inevitable wave of scams.

• For Italian Citizens: Be on Maximum Alert for SMS Scams (Smishing): This is the most crucial advice for the public. The Italian population must be warned about the high likelihood of receiving fraudulent text messages. Instruct yourself, your family, and your colleagues to never click on links in unexpected text messages, even if the message contains your real name or other personal details.
• For All Italian Organizations: Prepare for an Increase in Mobile-Based Fraud: Banks, e-commerce companies, and government agencies in Italy should prepare for a surge in fraud attempts originating from this data. It is an opportune time to launch public awareness campaigns to educate their customers on how to spot and report these scams.
• For All Facebook Users: Lock Down Your Profile’s Privacy: This incident is another stark reminder to limit the amount of personal information you share publicly on social media. All users should go into their Facebook privacy settings and set their phone number and email address to be visible “Only to Me” to prevent them from being scraped in future incidents.

Secure Your Organization with Brinztech As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.

Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. For general inquiries or to report this post, please email us: contact@brinztech.com