A user with access to leaked Facebook users’ data released it for free in a low-level hacking forum. The data has personal information such as Facebook IDs, phone numbers, and full bios on more than 500 million Facebook users.
This included data on users from 106 countries, making this the most significant Facebook data breach so far.
Affected Users Could Fall Prey to Cyber Attacks
A Facebook spokesperson said the leak was due to a vulnerability Facebook patched in 2019.
According to Alon Gal, CTO of Hudson Rock, a cybercrime intelligence platform, the data still held valuable information on users despite being a few years old. Users were at risk of running into scams or impersonation attempts using their data.
Gal, who had first discovered the leak and the enormous damage that came with it, tweeted:
“All 533,000,000 Facebook records were just leaked for free.”
People with malicious intent could use the information for
- social engineering,
- scamming, hacking, and
The exposed data first found its way into a hackers’ forum in January 2021.
A user marketed a bot that could unmask the phone numbers of millions of Facebook users for a price.
Motherboard Tech by Vice reported this, stating that the bot reveals the corresponding Facebook ID when the user enters a number. The bot claimed to have personal data on users from Canada, the U.K., the U.S., Australia, and a few other countries.
This is not the first time Facebook has suffered a data breach of this scale.
Recall the Cambridge Analytica saga of 2018, which violated Facebook’s terms of service and revealed the data of over 80 million users scraped off its servers.
Facebook Argues the Data Breach is Old News
In its recent press release of April 6, 2021, Facebook admitted that it was aware of the data breaches. It claimed malicious actors had access to user information from its contact importer before September 2019.
In Facebook’s defense, “this feature helped people find their friends to connect with…”. Plus, the leaked information did not contain passwords, financial or health information.
However, experts argue the breach is quite grave even if it didn’t contain passwords, as identifiers don’t change often.
“The data is never old for data brokers,” says Rob Shavell, CEO of DeleteMe, a consumer data protection company. “It helps them correlate related information, dump them into new profiles, and sell online for as little as 99 cents.”
This privacy breach also sheds light on Facebook’s monopoly on users’ data, leaving users with fewer options, since Facebook already owns alternatives like WhatsApp and Instagram.
Answers sought from the social tech giant reveal that there isn’t much it can do to help users remedy the situation, anyway.
In its press release, Facebook advised users to update their privacy settings under “How People Find and Contact You” and enable two-factor authentication on the platform.
Beyond Facebook’s Data Scandal
Although there isn’t much you or anyone can do about Facebook’s (as well as most others’) privacy breach, you can take the initiative to secure your data when hosting your website.