533M Facebook Users Fall Victim to Hacking; Hacker Publishes Phone Numbers, Steals their Personal Data
On Apr. 3, a user in a low level hacking forum posted the phone numbers and the personal data of 533 million Facebook users for free.
The exposed data includes the personal information of users
from 106 countries, including more than 32 million records on users in the
United States, 11 million on users in the UK, and 6 million on users in India.
The hacking included Facebook IDs, phone numbers, locations,
full names, bios, birthdates, and email addresses.
Facebook users attacked by hacker
Business Insider reviewed a sample of the leaked data and
verified the records by matching known Facebook users' phone numbers with the
IDs that are listed in the data set.
The publication also verified records by testing the email
addresses from the data set in Facebook's password reset feature, which can be
used to reveal the phone number of the Facebook user.
A Facebook spokesperson told Business Insider that the data
was scraped because of a vulnerability that Facebook patched back in 2019.
The fact that the data seems to have been obtained through
scraping is bound to shake some nerves at the Facebook headquarters, which has
faced outrage over scraping incidents in the past.
According to Gizmodo, the most infamous scraping incident
has been the Cambridge Analytica scandal, in which the analytics firm harvested
user data of millions of users without their consent and used it to predict and
to influence the users at the polls.
The director of strategic response communications at
Facebook, Liz Bourgeois, posted on Twitter on Apr. 3 that this is old data that
was previously reported on in 2019.
She said that they found and fixed the issue back in August
2019.
Facebook's security
Although it is a couple of years old, the leaked data could
give valuable information to cybercriminals who use people's personal
information to impersonate them or to scam them into handing over login
credentials, as per Alon Gal, CTO of cybercrime intelligence firm Hudson Rock,
who discovered the whole trough of leaked data online.
Gal told Business Insider that the database of that size
containing the private information like phone numbers of a lot of Facebook's
users would definitely lead to people taking advantage of the data to perform
social engineering attacks or hacking attempts.
Gal first discovered the leaked data back in January when a
user in the same hacking forum advertised an automated bot that could give
phone numbers Facebook users in exchange for a certain amount of money.
The Motherboard reported on that bot's existence at the time
and verified that the data was real. The whole dataset has been posted on the
hacking forum for free, making it available to anyone with rudimentary data
skills.
Cybersecurity expert stated that there is not much that
Facebook can do to help users at this point since the data is already out there
besides letting them know that it happened and telling them to be careful of
scams.
But there are still some questions that are unanswered.
Will Facebook do more to protect the users? Even if the data
is from 2019, it is still dangerous for Facebook users.
Comments
Post a Comment