Over 500m Facebook Users' Data Posted On A Hacking Website

Uploaded on 2021-04-06 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW

Over 533 million accounts from 106 countries that contain phone numbers, full names, locations, email addresses and other sensitive information have been found posted publicly in a hacking forum. The data leak involving personal details of hundreds of millions of Facebook users is being reviewed by Ireland's Data Protection Commission (DPC).  The database is believed to contain a mix of Facebook profile names, phone numbers, locations and other facts about more than 530 million people. 

Facebook says the data is "old", from a previously-reported leak in 2019, but the Irish DPC said it will work with Facebook, to make sure that is the case. Ireland's regulator is critical to such investigations, as Facebook's European headquarters is in Dublin, making it an important regulator for the EU. 

The most recent data dump appears to contain the entire compromised database from the previous leak, which Facebook said it found and fixed more than a year and a half ago.There are records for more than 32 million accounts in the United States, 11 million in the United Kingdom, and 6 million in India.  Threat intelligence expert Alon Gal has pointed that the way the data was sorted and posted on the hacking site this week makes it far more accessible for criminals to exploit.

Speaking to CNN Rachel Tobac, the CEO of security training firm SocialProof Security said "These are the pieces of data cyber criminals spend time searching for to perform social engineering attacks - but now they're all in one place and easily accessible in this leak, which makes social engineering quicker and easier."

If you want to check your phone number against the leaked Facebook database, you can try using a tool created by the  website The News Each Day, in which you input your phone number to find out whether it’s part of the breach. Alternatively, from 7th April people can use the well known Have I Been Pwned online tool to check if their numbers or emails were compromised.

Whether or not your details show up using the search tool to find out that your data has been compromised, some of the recommended steps to take include:

  • Change the passwords of compromised sites,
  • Use a password manager so that you can create and track unique passwords for each site. 
  • Set up two-factor authentication (2FA) in any online service that offers it, to access your account or change your details.

Facebook has previously said it would crack down on mass data-scraping after Cambridge Analytica used over 80 million of Facebook user’s data, claimed to be in violation of Facebook's terms of service, to target voters with political ads in the 2016 election. Following this most recent episode of Facebook's careless exposure of user confidentiality, it remains to be seen what regulatory action, in Ireland or anywhere else, will result.   

TechRadar:    Gizmodo:     Business Insider:    The Verge:    Techcrunch:    TheNewsEachDay

  BBC:       CTV:      Image: Unsplash

You Might Also Read:

Ireland's Privacy Regulator Is Investigating Instagram:

 

« The Satanic Mills of the Fourth Industrial Revolution
Cybersecurity For Financial Services: Latest Trends For Fraud Prevention »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

ADL Process

ADL Process

ADL Process offer secure data destruction, certified product destruction and responsible electronics recycling services to businesses and institutions.

IntaPeople

IntaPeople

IntaPeople are IT and engineering recruitment specialists. We have specialist teams for job sectors including Cybersecurity, IT infrastructure and DevOps.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

Measured Insurance

Measured Insurance

Measured Insurance are bridging the gap between technology and Insurance using AI-Powered analytics that track clients’ exposure in real time to create smarter insurance products.

In Fidem

In Fidem

In Fidem specializes in information security management, with a bold approach that views cybersecurity as a springboard to organizational transformation rather than a barrier to innovation.

InfusionPoints

InfusionPoints

InfusionPoints is your independent trusted partner dedicated to assisting you in building your secure and compliant business solutions.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

FourNet

FourNet

FourNet is an award-winning provider of cloud and managed services; we work closely with our clients to enable digital transformation across their organisation.

NMi Group

NMi Group

NMi Group is a global pioneer in mission-critical Testing, Inspection, Certification, and Calibration (TICC) services.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.

Aurascape AI

Aurascape AI

Aurascape is working on advanced cybersecurity solutions powered by grounds-up generative AI architecture.

Lyvoc

Lyvoc

Lyvoc is a premier cybersecurity integration partner renowned for its expertise in supporting its clients to accelerate and secure their digital transformation.

Harness

Harness

Harness delivers an end-to-end software delivery platform that helps engineering teams achieve the highest levels of engineering excellence.