Facebook was at the center of a data privacy storm over the weekend after a hacker published 533 million users’ details on a low-level hacking forum.
The data was downloadable for free and allowed anyone downloading it to look up a Facebook user's record using their phone number.
The records, representing roughly a fifth of the company's entire user base, contained users' phone numbers, Facebook IDs, full names, previous locations, birth dates, relationship status, and biographies. It also includes some of their email addresses.
Alon Gal, chief technology officer of cyber crime intelligence company Hudson Rock, tweeted the news on Saturday after discovering the data posted for free on a forum. It followed a tweet he posted in January this year, warning that a vulnerability had allowed the database to be created in early 2020. The January tweet warned that the user had created a Telegram bot that would allow anyone to query the database for a low fee, allowing people to find phone numbers linked to many Facebook accounts.
The January tweet showed the data breach contained 32.3 million US Facebook accounts, representing just under 10% of the entire US population.
RELATED RESOURCE
IT Pro 20/20: Meet the companies leaving the office for good
The 15th issue of IT Pro 20/20 looks at the nature of operating a business in 2021
According to a statement Facebook sent to Business Insider, the first outlet to report the news, these stolen credentials aren’t new. Facebook said that it stemmed from a vulnerability it patched in 2019. However, once the hacker stole the data from its network, little can the company do to stop it from spreading online.
"Bad actors will certainly use the information for social engineering, scamming, hacking and marketing," Gal said on Twitter.
Security research Troy Hunt added the data to his website over the weekend to allow people to see if their email addresses are part of the breach. At the time of this writing, he hadn’t yet entered the stolen phone numbers and was considering what to do with that information.
This isn’t the first time Facebook has come under fire for privacy and security issues. In 2019, the FTC fined Facebook $5 billion for misleading users over how it shared their data with third parties and for failing to change its privacy practices following a 2011 FTC settlement.
-
Why keeping track of AI assistants can be a tricky businessColumn Making the most of AI assistants means understanding what they can do – and what the workforce wants from them
-
Nvidia braces for a $5.5 billion hit as tariffs reach the semiconductor industryNews The chipmaker says its H20 chips need a special license as its share price plummets
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
