Personal details of over 533 million Facebook users have been leaked to the web and made freely available for hackers to exploit. News of the breach was first reported by Business Insider on 3rd March 2021 who asserted that the leaked data includes:
- phone numbers, full names, location, email address, and biographical information
The leak itself was discovered by Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who posted the following on Twitter:
Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect. Users having their personal information leaked is a huge breach of trust ~ Alon Gal
The leak affects Facebook users across 106 countries, including 32 million in the United States, 11 million in the United Kingdom, 7 million in Australia, and 6 million in India. While it appears that the leaked data is 2- 3 years old, much of the information would still be relevant today and security experts are warning that the data could easily be exploited by hackers to impersonate and/or scam people.
Facebook is accumulating quite the history of data leak scandals. In 2018 the Cambridge Analytica scandal revealed that the British consulting company had collected personal data from 87 million Facebook users without their knowledge or consent. And in In December 2019, a Ukrainian security researcher reported finding a database with the names, phone numbers and unique user IDs of more than 267 million Facebook users — almost all US-based — freely available on the open internet.
At the time of writing this article, Facebook has yet to acknowledge this latest data leak. From a security standpoint, there’s not much Facebook can do to help users affected by the breach anyway since their data is already out in the open. However, DCT suggests that it might be a wise precaution to change your Facebook password ASAP.
—
Another smart thing anyone should do is remove your phone number from any online service that you have whenever possible. Many services require that you enter a phone number when setting them up, but you can remove the number after.
Jim,
One more thing, on https://haveibeenpwned.com/ you can check your phone number and email to see if it was included in this breach (or some past breaches too)
JD
Thanks Jim,
I never cease to be amazed at the large amount of personal and private information which billions of people spread all over the ‘Internet Highway’ on which Facebook travels.
Jonno 🙂