FACEBOOK PERSONAL DATA EXPOSED
To my mind, 533,000,000 is a very big number. That’s how many Facebook users had their personal data exposed on 3 April 2021. Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, first discovered the entire assembly of leaked data online when it was published by a user in a low-level hacking forum. Gal first discovered the premise behind the leaked data in January. A user in the same hacking forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users in exchange for a price. This month, a user posted the whole dataset for free. Anybody, and I mean anybody, with basic data accessing skills can get their hands on the information. In a nutshell, personal Facebook data is no longer personal.
533,000,000 USERS IN 106 COUNTRIES
The hacked data included more than 533 million users. Over half a billion Facebook account holders have had their full names, Facebook IDs, locations, birth dates, bios, and email addresses exposed. The breach targeted users in 106 countries, 32 million in the United States, 11 million in the UK, and 6 million in India.
IS THE DATA REAL?
Facebook told Insider that the data was historical and had been scrapped due to a vulnerability that was patched in 2019. Nevertheless, the data is still real and valid, as proven by Insider who:
- verified several records by matching users’ telephone numbers with the IDs listed in the data set
- verified records by testing leaked email addresses from the data set using Facebook’s password reset feature that partially reveals users phone numbers
IS THE DATA WORTH ANYTHING?
Silly question! In the right hands, or rather the wrong hands, this massive trough of leaked data is worth a small fortune. Here are some wise words from Alon Gal:
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts.”
I couldn’t agree more.
FACEBOOK FRAUGHT WITH CYBERSECURITY ISSUES
This leak isn’t the first for Facebook, and I doubt it will be the last. The social media giant has grappled with data security issues for several years. In 2018, it disabled a feature that allowed users to search for one another via phone numbers. This was a consequence of the political firm Cambridge Analytica accessing information on 87 million users without their knowledge or consent. In December 2019, a Ukrainian security researcher found a database containing the names, phone numbers and unique IDs of 267 million Facebook users, freely available on the web.
CAN FACEBOOK BE TRUSTED?
While Facebook’s intentions, other than making a lot of money, might be honourable, can the company honestly be trusted with your data? Maybe it could be forgiven for one leak, at the most two. But three times a charm, I think not. Facebook has much to answer for. Let’s sign off with the words of Alon Gal. Words getting my full support:
“Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect. Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”