On Saturday, April 3rd, a user from a hacking forum published the personal data from more than 500 million Facebook users. The hacked and published data were available at the forum for free and includes the telephone number, locations, bios, birthdates, and even email addresses.
According to what was analyzed, the data stolen is from users located in 106 different countries – including 32 million in the US, 11 million in the UK, 6 million in India, and around 3 million in Canada.
Alon Gal, the CTO of Hudson Rock, a very well-known cybercrime intelligence firm, was the first to discover the leak on Saturday. He first tweeted “All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.”
Later on the same day, Gal gave Business Insider an interview and confirmed the leak and the worries of such a huge database being leaked for free, “A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks or hacking attempts“.
The communication chief from Facebook published an explanation on her Twitter page. Liz Bourgeois wrote, “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”
So, even though the data is from 2019, it’s still affecting those 533 million users, and it’s a powerful tool for cybercriminals looking at the user’s personal information as the data is active and personal.
And as the data is already leaked, Alon Gal confirmed that there wasn’t much Facebook could do to help the affected users. Maybe a simple notification to let users know that they should be careful with possible frauds or phishing schemes with their personal information.
And on Sunday, Andy Stone, a Facebook spokesperson told CNN that, “In 2019, we removed people’s ability to directly find others using their phone number across both Facebook and Instagram – a function that could be exploited using sophisticated software code, to imitate Facebook and provide a phone number to find which users it belonged to.”
Still, Facebook gave no information on whether they notified the users that their data got leaked or not. Because, as Alon Gal told Insider, “Individuals signing up to a reputable company like Facebook are trusting them with their data, and Facebook is supposed to treat the data with the utmost respect. Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”
Unfortunately, it’s difficult to find out if your phone number got leaked in any hack attack like the one on Facebook. But it’s possible to check other personal data, especially your email address, on websites like HaveIBeenPwned.com, that cross your information with other accounts to warn you if your details got leaked online and where they were leaked.
But to keep yourself secure, it’s important to always change your passwords, use a password manager, and set up the two-factor authentication on the websites where that is possible.
The password manager will create longer and safer passwords for your accounts while preventing any possible password-related breaches, and two-factor authentication is a method of accessing websites and apps only after presenting two or more pieces of evidence of your identity – it can be a password, a PIN, a security token, fingerprints, face scanning, voice, and so on.
By Gary Bernstein