The data from a very significant data breach at Facebook from 2019 re-emerged over the weekend. It involved the leaking of personal details of more than 533 million users, including 7 million Australians. Facebook applied the “nothing to see here” defence, saying the leak was old.
Information including full names, mobile phone numbers, email addresses, locations and birthdates have been found on a web site for hackers, which is more than enough information for cybercriminals to leverage for identity theft and scamming.
Cybercrime Intelligence company Hudson Rock’s Co-Founder and Chief Technology Officer Alon Gal first identified the leak in January 2021, though he was able to surface the full scale of data exposed on Saturday.
Facebook’s Director of Strategic Response Communications, Liz Bourgeois, tweeted that the issue was “found and fixed” in August of 2019. In response to this statement, Gal suggested that users are “fed up” with the mismanagement of their private information.
According to a tweet by Gal, “533,000,000 accounts having their personal information leaked is apparently considered ‘fixed’ by Facebook’s definitions.
“Facebook needs to acknowledge this breach and not with just a ‘we value your information’ statement.”
Though Facebook may have addressed the flaw in its technology that exposed the data to hackers, much of the information that has already escaped the network cannot be re-secured.
According to Gal, hackers can still utilise this information for phishing, impersonation or other forms of cybercrime.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks [or] hacking attempts,” Gal said.
For users concerned that their account may have been caught up in the leak, there are a number of resources available to check if your details were exposed.
The site www.haveibeenpwnd.com is a database that cross-references your email with 10 billion breached accounts. Simply enter your email and if it has been compromised, immediately change your passwords and set up two-factor authentication.
The News Each Day claims its tool will find out if your phone number has been exposed in the leak. According to Gizmodo, enter your phone number including the international country code, and it will determine if your number has been leaked as part of the Facebook data breach.