Over 500m Facebook Users' Data Posted On A Hacking Website

Over 533 million accounts from 106 countries that contain phone numbers, full names, locations, email addresses and other sensitive information have been found posted publicly in a hacking forum. The data leak involving personal details of hundreds of millions of Facebook users is being reviewed by Ireland's Data Protection Commission (DPC).  The database is believed to contain a mix of Facebook profile names, phone numbers, locations and other facts about more than 530 million people. 

Facebook says the data is "old", from a previously-reported leak in 2019, but the Irish DPC said it will work with Facebook, to make sure that is the case. Ireland's regulator is critical to such investigations, as Facebook's European headquarters is in Dublin, making it an important regulator for the EU. 

The most recent data dump appears to contain the entire compromised database from the previous leak, which Facebook said it found and fixed more than a year and a half ago.There are records for more than 32 million accounts in the United States, 11 million in the United Kingdom, and 6 million in India.  Threat intelligence expert Alon Gal has pointed that the way the data was sorted and posted on the hacking site this week makes it far more accessible for criminals to exploit.

Speaking to CNN Rachel Tobac, the CEO of security training firm SocialProof Security said "These are the pieces of data cyber criminals spend time searching for to perform social engineering attacks - but now they're all in one place and easily accessible in this leak, which makes social engineering quicker and easier."

If you want to check your phone number against the leaked Facebook database, you can try using a tool created by the  website The News Each Day, in which you input your phone number to find out whether it’s part of the breach. Alternatively, from 7th April people can use the well known Have I Been Pwned online tool to check if their numbers or emails were compromised.

Whether or not your details show up using the search tool to find out that your data has been compromised, some of the recommended steps to take include:

  • Change the passwords of compromised sites,
  • Use a password manager so that you can create and track unique passwords for each site. 
  • Set up two-factor authentication (2FA) in any online service that offers it, to access your account or change your details.

Facebook has previously said it would crack down on mass data-scraping after Cambridge Analytica used over 80 million of Facebook user’s data, claimed to be in violation of Facebook's terms of service, to target voters with political ads in the 2016 election. Following this most recent episode of Facebook's careless exposure of user confidentiality, it remains to be seen what regulatory action, in Ireland or anywhere else, will result.   

TechRadar:    Gizmodo:     Business Insider:    The Verge:    Techcrunch:    TheNewsEachDay

  BBC:       CTV:      Image: Unsplash

You Might Also Read:

Ireland's Privacy Regulator Is Investigating Instagram:

 

« The Satanic Mills of the Fourth Industrial Revolution
Cybersecurity For Financial Services: Latest Trends For Fraud Prevention »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ITpreneurs

ITpreneurs

ITpreneurs provides IT training content, Instructors, Learning Infrastructure and services to IT Training providers.

Nixon Peabody LLP

Nixon Peabody LLP

Nixon Peabody LLP is an international law firm with offices across the USA, Europe and Asia. Practice areas include Data Privacy and Cyber Security.

Agari

Agari

Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks.

Aveshka

Aveshka

Aveshka is a professional services firm focused on addressing complex threats and challenges including Cybersecurity and Information Technology.

AVL Mobile Security

AVL Mobile Security

AVL Mobile Security is a market-leading mobile security company for anti-virus and threat intelligence in the mobile Internet.

Securitybulls

Securitybulls

Securitybulls is an information security firm offering an encyclopedic penetration testing & IT security assessment service for your organization.

Cingo Solutions

Cingo Solutions

Cingo Solutions is a Managed Detection & Response company providing specialized data security services.

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

M12

M12

M12 (formerly Microsoft Ventures) is the corporate venture capital subsidiary of Microsoft.

ST Engineering Antycip

ST Engineering Antycip

ST Engineering Antycip (formerly Antycip Simulation) is Europe’s leading provider of professional grade COTS simulation software, projection & display systems, and related engineering services.

US Digital Corps

US Digital Corps

The U.S. Digital Corps is a new two-year fellowship for early-career technologists where you will work every day to make a difference in critical impact areas including cybersecurity.

Abu Dhabi Gov Digital

Abu Dhabi Gov Digital

Gov Digital (formerly Abu Dhabi Digital Authority - ADDA) enable, support and deliver a digital government that is proactive, personalised, collaborative and secure.

Infuse Technology

Infuse Technology

Infuse Technology provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

Iris Powered by Generali

Iris Powered by Generali

Iris Powered by Generali is an identity theft resolution provider. Our offering combines expert assistance and support with user-friendly identity protection technology.

Hubble

Hubble

Hubble grew from the idea that legacy solutions were failing to provide organizations with the asset visibility they needed to effectively secure and operate their businesses.

Cyabra

Cyabra

Cyabra is leading the fight against disinformation. Our AI shields companies and the public sector by uncovering malicious actors, bot networks, and GenAI content.