The news of a data leak by Facebook has made a comeback. Facebook data of approximately 533 million users was recently leaked. In January 2021, Alon Gal, CTO of Hudson Rock, a cyber intelligence agency, first took notice of this and reported that an automated bot was selling the phone numbers of millions of Facebook users at a price.
Data leaked online
However, according to recent reports, it is not just phone numbers that were made public. The leaked data contained personal information such as profile names, email IDs and locations, among other things. What makes this data leak so alarming is that the private information of users is now easily available to hackers, scammers, spammers and phishers.
It is reported that information of users from over 106 countries was compromised. Among them, more than 32 million accounts belonged to citizens of the USA, 11 million to UK citizens and 6 million to Indians.
Is it a repetition of history?
Facebook had pledged to investigate and fix the mass data-scraping issue after the Facebook–Cambridge Analytica data scandal in 2016, in which personal data of approximately 80 million Facebook users was obtained without their consent by Cambridge Analytica, a British consulting firm, for the purpose of political advertising.
Response of Facebook
According to a Facebook spokesperson, the data was reported previously in 2019 and the company's underlying vulnerability was patched in August of the same year. However, even if it is old data, it is valuable information that would end up in the hands of cybercriminals, who would manipulate it to scam or hurt people. Gal said, “A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts.”
According to Gal, there is not a lot Facebook can do from a security standpoint to help users after the breach, as their data is already leaked. However, it is the moral responsibility of the company to notify its users to be vigilant and beware of the possible use of their data for fraud and phishing schemes.
What can you do to ensure your privacy?
While there is little way of knowing if one’s data has been leaked, there are websites that give users the option to check if their email address has been part of any data breach. “Have I Been Pwned” is one such web tool that allows users to check across various data breaches to know if their email address has been compromised.
While data leaks are out of one's control, personal data can be protected by updating passwords at regular intervals, activating two-factor authentication and keeping an eye out for suspicious messages, emails and phone calls. When people sign up for social networking sites such as Facebook, they entrust their confidential data to the companies. Such incidents of data leaks call for strict legal action against the companies.
This article has been written by Ruchira Sarma for The Paradigm.
See you next time…