A large cache of personal data from more than 500 million Facebook users was published on a hacker forum – one of the biggest data breaches the social network has ever experienced.
The database contains the personal information of hundreds of millions of Facebook users worldwide. The data, discovered on Saturday, has the potential to be used for a variety of crimes, including other hacks and social engineering. Alon Gal, CTO of cybercrime research firm Hudson Rock, told Business Insider that the data contained users' full names, as well as Facebook IDs, locations, birth dates, biographies, phone numbers, and email addresses. A selection of records from the cache was checked using Facebook's password reset feature and found to be authentic. Over 533 million users are listed in the data, covering 106 countries. Over 32 million of the records come from users in the US, 11 million from the UK, and 6 million from India. It is therefore safe to assume that users in Germany, Austria, and Switzerland are also affected. Gal explains:
A database of this size, containing private information such as phone numbers of many Facebook users, would certainly lead to bad actors exploiting the data.
Facebook data breach: Users must remain vigilant
What may be frustrating for affected Facebook users is that Gal first spotted a user on the hacker forum in January promoting an automated bot that claimed to be able to harvest the phone numbers of millions of users. It appears that the dataset collected by this bot has now been posted on the forum for free, making it available to anyone. Gal believes there is little Facebook can do now that the data is out there, other than notify users to be vigilant for phishing schemes or scams using their personal information. Gal continues:
People who sign up with a reputable company like Facebook are trusting them with their data, and Facebook should treat that data with the utmost respect. When users give out their personal information, it is a major breach of trust and should be treated accordingly.
Facebook has not yet commented publicly on the new data cache. This is by no means the first major lapse in data protection at Facebook - but it is one of the worst. In 2018, it became known that the analytics firm Cambridge Analytica was using a quiz app to collect data from users and connected friends, sometimes without consent.
Facebook and data protection: A big risk
The data was then used to create voter profiles for around 71 million Americans, which were allegedly used in the 2016 presidential race. Among other fines and sanctions, Facebook reached a settlement to end a Federal Trade Commission investigation into the matter in 2019, paying a $5 billion penalty and agreeing to new restrictions on how it handled private data. At the time, Facebook claimed it had made "great progress on privacy" and insisted it would be "more robust" in identifying, assessing and mitigating privacy risks. In April 2019, security researchers found several cases of Facebook user data being made publicly available on third-party Amazon cloud servers. In one case, a firm openly stored 540 million Facebook records before being shut down by Facebook. (Photo by surakub888 / Bigstockphoto)