A risk actor utilizing the alias “ByteBreaker” is claiming to have abused the Fb API and scraped 1.2 billion account particulars, which at the moment are being bought on a knowledge breach discussion board.
A have a look at the pattern information of 100,000 customers shared by ByteBreaker on the discussion board reveals it consists of the next info:
- Gender
- Full names
- Usernames
- Date of start
- Telephone numbers
- E-mail addresses
- Distinctive identifier (UID)
- Location (together with metropolis, state, and nation)
“As we speak I’ve include the most recent Fb database which was scraped by abusing one in all their APIs. Be happy to match outcomes from the earlier leaks, it’s a brand new one and by no means leaked earlier than,” ByteBreaker mentioned of their put up.
Hackread.com in contrast the pattern with information from earlier Fb breaches. A few of it overlaps with the April 2021 breach, during which the private information of over 500 million customers from 106 nations was leaked, however not all. Nevertheless, with the claimed database measurement being 1.2 billion data, evaluating a pattern of solely 100,000 data is inadequate to conclude at the moment.
What Doesn’t Add Up?
ByteBreaker joined the discussion board the place they’re promoting the info within the first week of Could 2025. On Could 3, they initially posted one other Fb database on the market, claiming it contained 780 million data and likewise featured recent 2025 information.
In each listings, ByteBreaker claimed the info was scraped through the identical API abuse approach. Nevertheless, in each circumstances, the pattern information are precisely the identical and notes: “The Whole Rows are 200 million”, structured as:
uid, title, e mail, username, mobile_phone, location, birthday, gender
This raises a elementary query: Can 1.2 billion data be saved in simply 200 million rows? No, every row already accommodates full person info. If ByteBreaker has 1.2 billion person data, it could want 1.2 billion rows. The numbers don’t match.
One other inconsistency lies in ByteBreaker’s Telegram contact. Whereas the unique itemizing talked about the deal with @XByteBreak, the pattern information references a distinct account: @Minimize9, which doesn’t exist on Telegram.
Hackread.com tried to contact ByteBreaker, and whereas our messages had been seen on Telegram, the risk actor didn’t reply.
A Take a look at @Minimize9
Though @Minimize9 doesn’t exist on Telegram, a Google search hyperlinks the username to an Indonesian citizen named FM (Full title redacted). Nevertheless, Hackread.com makes no implication that FM is behind the @Minimize9 deal with talked about within the pattern information, or that he’s the particular person working the ByteBreaker account.
API Abuse and Net Scraping
API abuse and internet scraping are actual and critical cybersecurity threats. Platforms like Chess.com, LinkedIn, Trello, Duolingo, Clubhouse, Bumble, and Discord have all been focused utilizing these techniques, amongst many others.
Whatever the risk actor’s claims, organizations, particularly social media giants, ought to repeatedly put money into cybersecurity measures, monitor for uncommon exercise, and shut any exploitable endpoints to guard person information.
As this case is creating, Hackread.com has reached out to Meta, the mother or father firm of Fb, and an replace shall be supplied as soon as a response is acquired.
