Silicon Valley, CA (GNB Tech) – A Facebook data breach is hitting once again, and it impacted roughly 533 million users.
Alon Gal, CTO of cyber intelligence firm Hudson Rock first reported data leaks in January 2021. In the latest reports, a lot more user information appears to be available including email ID, full names, locations, birthdates, etc. Hackers have put up the information for sale.
The personal data of 533 million Facebook users in more than 106 countries was found to be freely available online last weekend. The data trove, uncovered by security researcher Alon Gal, includes phone numbers, email addresses, hometowns, full names, and birth dates.
“All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data”, Alon Gal tweeted on April 3.
Initially, Facebook claimed that the data leak was previously reported on in 2019 and that it had patched the vulnerability that caused it that August. But in fact, it appears that Facebook did not properly disclose the breach at the time. The company finally acknowledged it on Tuesday, April 6, in a blog post by product management director Mike Clark.
In the blog post, Clark said that Facebook believes the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019. This feature was designed to help people easily find their friends to connect with on our services using their contact lists.
What Happened ? Facebook says:
We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019. This feature was designed to help people easily find their friends to connect with on our services using their contact lists.
When we became aware of how malicious actors were using this feature in 2019, we made changes to the contact importer. In this case, we updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users. Through the previous functionality, they were able to query a set of user profiles and obtain a limited set of information about those users included in their public profiles. The information did not include financial information, health information or passwords.
Keeping Your Account Safe, Facebook says:
Scraping data using features meant to help people violates our terms. We have teams across the company working to detect and stop these behaviors.
We’re focused on protecting people’s data by working to get this data set taken down and will continue to aggressively go after malicious actors who misuse our tools wherever possible. While we can’t always prevent data sets like these from recirculating or new ones from appearing, we have a dedicated team focused on this work.
While we addressed the issue identified in 2019, it’s always good for everyone to make sure that their settings align with what they want to be sharing publicly. In this case, updating the “How People Find and Contact You” control could be helpful. We also recommend people do regular privacy checkups to make sure that their settings are in the right place, including who can see certain information on their profile and enabling two-factor authentication.
A global media for the latest news, entertainment, music fashion, and more.
