Over 500m Facebook Users' Data Posted On A Hacking Website

Uploaded on 2021-04-06 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW

Over 533 million accounts from 106 countries that contain phone numbers, full names, locations, email addresses and other sensitive information have been found posted publicly in a hacking forum. The data leak involving personal details of hundreds of millions of Facebook users is being reviewed by Ireland's Data Protection Commission (DPC).  The database is believed to contain a mix of Facebook profile names, phone numbers, locations and other facts about more than 530 million people. 

Facebook says the data is "old", from a previously-reported leak in 2019, but the Irish DPC said it will work with Facebook, to make sure that is the case. Ireland's regulator is critical to such investigations, as Facebook's European headquarters is in Dublin, making it an important regulator for the EU. 

The most recent data dump appears to contain the entire compromised database from the previous leak, which Facebook said it found and fixed more than a year and a half ago.There are records for more than 32 million accounts in the United States, 11 million in the United Kingdom, and 6 million in India.  Threat intelligence expert Alon Gal has pointed that the way the data was sorted and posted on the hacking site this week makes it far more accessible for criminals to exploit.

Speaking to CNN Rachel Tobac, the CEO of security training firm SocialProof Security said "These are the pieces of data cyber criminals spend time searching for to perform social engineering attacks - but now they're all in one place and easily accessible in this leak, which makes social engineering quicker and easier."

If you want to check your phone number against the leaked Facebook database, you can try using a tool created by the  website The News Each Day, in which you input your phone number to find out whether it’s part of the breach. Alternatively, from 7th April people can use the well known Have I Been Pwned online tool to check if their numbers or emails were compromised.

Whether or not your details show up using the search tool to find out that your data has been compromised, some of the recommended steps to take include:

  • Change the passwords of compromised sites,
  • Use a password manager so that you can create and track unique passwords for each site. 
  • Set up two-factor authentication (2FA) in any online service that offers it, to access your account or change your details.

Facebook has previously said it would crack down on mass data-scraping after Cambridge Analytica used over 80 million of Facebook user’s data, claimed to be in violation of Facebook's terms of service, to target voters with political ads in the 2016 election. Following this most recent episode of Facebook's careless exposure of user confidentiality, it remains to be seen what regulatory action, in Ireland or anywhere else, will result.   

TechRadar:    Gizmodo:     Business Insider:    The Verge:    Techcrunch:    TheNewsEachDay

  BBC:       CTV:      Image: Unsplash

You Might Also Read:

Ireland's Privacy Regulator Is Investigating Instagram:

 

« The Satanic Mills of the Fourth Industrial Revolution
Cybersecurity For Financial Services: Latest Trends For Fraud Prevention »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

Entreda

Entreda

Entreda offers a unified platform to automate cybersecurity and compliance policy enforcement for your devices, users, networks, applications.

Arete

Arete

Arete is a global cyber risk company whose mission is to transform the way organizations prepare for, respond to, and prevent cybercrime.

Eseye

Eseye

Eseye is a global specialist supplier of cellular internet connectivity for intelligent IoT (Internet of Things) devices.

BlueKrypt

BlueKrypt

BlueKrypt is a consulting firm for the security of IT systems and their management.

Zeguro

Zeguro

Zeguro provides complete cybersecurity risk assessment, mitigation and insurance, allowing you to easily manage your cyber risk.

Sayata Labs

Sayata Labs

Sayata delivers a streamlined solution for processing cyber policies. Increase profitability with an easy and intuitive platform.

Kentik

Kentik

Kentik - one platform for Network Visibility, Performance, and Security.

Patriot Cyber Defense

Patriot Cyber Defense

Patriot Cyber Defense is a Cyber Security and Management Consulting professional services firm.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

Intellias

Intellias

Intellias is a trusted technology partner to top-tier organizations and digital natives helping them accelerate their pace of sustainable digitalization.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center is a state-of-the-art facility to deliver advanced cyber training programs and build the next generation of Azerbaijan’s cybersecurity professionals.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.