Just kidding on the “ho hum” part. But do any of us believe that our personal data is protected anymore? If you’re a Facebook user, the latest Facebook data leak indicates that it probably isn’t.
According to Insider (533 million Facebook users’ phone numbers and personal data have been leaked online, written by Aaron Holmes), a user in a low-level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free.
The exposed data includes the personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.
Yeesh.
Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set. They also verified records by testing email addresses from the data set in Facebook’s password-reset feature, which can be used to partially reveal a user’s phone number.
A Facebook spokesperson told Insider that the data had been scraped because of a vulnerability that the company patched in 2019.
While it’s a couple of years old, the leaked data could prove valuable to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, the chief technology officer of the cybercrime intelligence firm Hudson Rock, who discovered the trough of leaked data on Saturday. Gal’s Twitter post noted that “if you have a Facebook account, it is extremely likely the phone number used for the account was leaked”.
Gal discovered the leaked data in January when a user in the same hacking forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users for a price. Motherboard reported on that bot’s existence at the time and verified that the data was legitimate.
Now the data set has been posted on the hacking forum for free, making it available to anyone with rudimentary data skills.
This article on Inc. from Jason Aten analogized the latest Facebook data leak this way: “Imagine if robbers were able to steal the contents of a bank vault because someone left the door open and unguarded (which is basically what Facebook did with your personal information). That would be bad. It would be even worse if the bank’s response after the fact was ‘yeah, we know that a bunch of your money is gone, but we’ve closed the vault and changed the combination.’”
Facebook vowed to crack down on mass data-scraping after Cambridge Analytica scraped the data of over 80 million users in violation of Facebook’s terms of service to target voters with political ads in the 2016 election. This latest Facebook data leak was over 6 1/2 times that. Again, yeesh.
So, what do you think? Do you feel that your personal data is already out in the open, exposed to hackers? I do. Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.