533 Million Facebook Users Had Their Data Stolen and Leaked Online

Facebook Data Stolen and Leaked Online

On Saturday, April 3rd, a user from a hacking forum published the personal data from more than 500 million Facebook users. The hacked and published data were available at the forum for free and includes the telephone number, locations, bios, birthdates, and even email addresses.

According to what was analyzed, the data stolen is from users located in 106 different countries – including 32 million in the US, 11 million in the UK, 6 million in India, and around 3 million in Canada.

Alon Gal, the CTO of Hudson Rock, a very well-known cybercrime intelligence firm, was the first to discover the leak on Saturday. He first tweetedAll 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.”

Later on the same day, Gal gave Business Insider an interview and confirmed the leak and the worries of such a huge database being leaked for free, “A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks or hacking attempts“.

Facebook Statement About the Leak

The communication chief from Facebook published an explanation on her Twitter page. Liz Bourgeois wrote, “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”

So, even though the data is from 2019, it’s still affecting those 533 million users, and it’s a powerful tool for cybercriminals looking at the user’s personal information as the data is active and personal.

Facebook Cloud

And as the data is already leaked, Alon Gal confirmed that there wasn’t much Facebook could do to help the affected users. Maybe a simple notification to let users know that they should be careful with possible frauds or phishing schemes with their personal information.

And on Sunday, Andy Stone, a Facebook spokesperson told CNN that, “In 2019, we removed people’s ability to directly find others using their phone number across both Facebook and Instagram – a function that could be exploited using sophisticated software code, to imitate Facebook and provide a phone number to find which users it belonged to.”

Still, Facebook gave no information on whether they notified the users that their data got leaked or not. Because, as Alon Gal told Insider,Individuals signing up to a reputable company like Facebook are trusting them with their data, and Facebook is supposed to treat the data with the utmost respect. Users having their personal information leaked is a huge breach of trust and should be handled accordingly.

How to Find Out if Your Data Got Leaked

Unfortunately, it’s difficult to find out if your phone number got leaked in any hack attack like the one on Facebook. But it’s possible to check other personal data, especially your email address, on websites like HaveIBeenPwned.com, that cross your information with other accounts to warn you if your details got leaked online and where they were leaked.

But to keep yourself secure, it’s important to always change your passwords, use a password manager, and set up the two-factor authentication on the websites where that is possible.

The password manager will create longer and safer passwords for your accounts while preventing any possible password-related breaches, and two-factor authentication is a method of accessing websites and apps only after presenting two or more pieces of evidence of your identity – it can be a password, a PIN, a security token, fingerprints, face scanning, voice, and so on.

By Gary Bernstein

Gary Taylor
Hybrid Worker Risks Organizations are under pressure to secure their remote workers, but they are also worried about the potential impact on user experience. Can they have it both ways without compromise? The pandemic has ...
Gilad David Maayan
What Is SSPM? SaaS Security Posture Management (SSPM) is a set of security tools that an organization’s security team can use to gain visibility and manage security for their Software as a Service (SaaS) applications ...
Gary Bernstein
Using Data to Gain Advantages Data collection is now omnipresent in every sector of the global economy. Several aspects of modern economic activity would not be possible without it, just as it would not be ...
Gary Bernstein
Managing Your Internal IT Your company's internal IT team is responsible for keeping things running smoothly, and they deserve all the support you can give them. Here are ten ways to make their lives easier ...
Gilad David Maayan
Azure Storage Pricing Introduction to Azure Storage Services Azure Storage is a set of cloud storage services provided by Microsoft as part of the Azure public cloud. It offers highly scalable object storage, file systems ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.