FACEBOOK PERSONAL DATA FREEFALL

In early April this year, the personal Facebook data of over half a billion registered users was leaked online by a low-level hacking forum. The data included full names, phone numbers, email addresses, and biological information of more than 533,000,000 Facebook fans in 106 countries. 32 million records on users in the United States were leaked, while 11 million users in the UK were victims of the hacking, along with 6 million people in India.

OLD DATA BUT STILL VALID

A spokesperson from Facebook disclosed to Insider that the data was old and was scrapped in 2019 due to a vulnerability then patched by the social media giant. Insider reviewed a sample of the breached data and:

  • verified several records by matching users’ telephone numbers with the IDs listed in the data set
  • verified records by testing leaked email addresses from the data set using Facebook’s password reset feature that partially reveals users phone numbers

So the data may be historical, but email addresses and phone numbers are still valid.

CAN FACEBOOK BE TRUSTED?

On 3 April, Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, discovered the entire collection of leaked data. The information is now widely available to anybody having rudimentary data access and manipulation skills. Gal said:

“Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect. Users having their personal information leaked is a huge breach of trust and should be handled accordingly.” 

CAN FACEBOOK HELP?

Now that the information is out there, there’s not much Facebook can do from a security standpoint. Potentially, the data can be used by any hacker wanting to create false IDs, proliferate further hacking, or add even more headaches to a world abound with cybersecurity criminal mischief. Gal added:

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts.”