On Saturday, April 3, a report by Insider announced that personal data from over 500 million Facebook accounts had been exposed online for free on a low-level hacking forum.
Facebook was quick to respond with a statement, which Liz Bourgeois, director of strategic response communications at Facebook, repeated on Twitter on Saturday.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” she said. However, this doesn't make the hack any less threatening for most. Here's what you need to know.
What sort of information was leaked?
The leaked data reportedly includes Facebook IDs, full names, bios, and, in some cases, email addresses. The affected accounts include 32 million users from the U.S., 11 million from the UK, and 6 million from India.
Insider verified a series of records “by matching known Facebook users’ phone numbers with the IDs listed in the data set.” To further verify that the data was accurate, the media outlet also typed exposed email addresses into Facebook’s password reset feature, which shares part of a user’s phone number.
Alon Gal, CTO of Hudson Rock, a cybercrime intelligence firm in Israel, first discovered the leak on Saturday and told Insider that even though the data is old, threat actors can still harm people with it via the use of social engineering attacks or hacks.
“All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data.” https://t.co/ysGCPZm5U3
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Facebook has had other data scandals in the past, like the Cambridge Analytica one, where some 1.1 million UK-based users had their personal details exposed.
Facebook was also the target of a data breach affecting up to 50 million users in September of 2018.
At this point, there's not much Facebook can do to help victims of this hack. The best it can do is to educate the public about potential dangers they might face. So, the responsibility falls on the shoulders of the end-user once more.