Loading

Blog details

Facebook data leak affects over half a billion users worldwide

Facebook data leak affects over half a billion users worldwide

Facebook data leak results in the personal information of over half a billion users being made available publicly and free of charge. 

 

Facebook has recently been implicated in a massive data leak affecting over a half a billion users, as reported by Business Insider earlier this month. The personal data leaked was gathered during a data breach two years ago. However, in recent times, an individual has published all of this personal information in a black market online hacking forum, free of charge. It is believed that this information was previously available for sale but has since gone down in value, and is now being offered for free on a hacking forum. This data was obtained through the misuse of a feature prior to 2019 and affects approximately 533 million users, from over 100 countries. 

 

The personal data leaked does not include login information, however the details included contain enough information to facilitate impersonation or fraud. 

 

The personal data affected includes information like full names, identification credentials, locations, dates of birth, email addresses, and phone numbers. The information does not include financial information or health information. It is also said that login information is not included in the data, however, the information put out there could potentially be used for hacking. Security experts say that this information could be used to impersonate individuals and commit fraud. Facebook’s Product Management Director, Mike Clark says that this information was not obtained through hacking, but rather by scraping it from the platform, much like what happened with Facebook in their 2016 Cambridge Analytica fiasco. 

 

The Facebook data leak had resulted in information which was once available for sale in January, now published free of charge on a hacking forum. 

 

The data was first discovered in January, on a hacking forum where an individual or entity advertised an automated bot which could provide certain user data from Facebook. At the time this data was confirmed to be legitimate. However, since then the data has been publicized and is now available for free in a low level hacking forum. This information was discovered earlier this month by Alon Gal, the chief technology officer of the cybercrime intelligence firm, Hudson Rock. 

Facebook reports that the vulnerability which led to the data scraping has since been rectified, and that the company does not intend to notify the individual users affected by this leak. 

 

Facebook officials want to assure the public that the platform’s vulnerability which led to the 2019 data breach has since been rectified. The social media company has not notified the over 533 million users who were affected by this data breach, and according to company officials, they do not intend to do so. Facebook’s spokesman said the social media company was not confident that it had full visibility on which users would need to be notified. They also considered the fact that users could do nothing to fix the issue as well as claims that the data was already publicly available in their defense for not notifying users.

 

“One needs to understand that, under GDPR, data breaches of such nature need to be notified to data protection authorities and very likely to the affected users as well” comments Dr Bostjan Makarovic, Aphaia’s Managing Partner.

 

Does your company have all of the mandated safeguards in place to ensure compliance with the ePrivacy, GDPR and Data Protection Act 2018 in handling customer data? Aphaia provides ePrivacy, GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, EU AI Ethics Assessments and Data Protection Officer outsourcing. We can help your company get on track towards full compliance.

Prev post
Digital Green Certificates: the EDPB and EDPS release a joint opinion
April 9, 2021
Next post
Dutch DPA imposes fine for delayed report of a data breach
April 16, 2021

Leave a Comment