Facebook has become the latest victim of a massive data leak, and even Zuckerberg has fallen prey to it.
In a shocking revealment, the data of over a whopping 553 million Facebook users was made public on Saturday. The leak, posted by a user in a low-level hacking forum for free, disclosed users’ sensitive personal information across 106 countries, including India!
Business Insider reviewed a sample of the leaked data. It contained details such as phone numbers, Facebook IDs or usernames, the user’s full name, location, birth dates, bios, and even email addresses.
BI reported that over 32 million records of users in the U.S, 11 million in the U.K and 6 million in India were exposed. And among them, apparently, Facebook CEO Mark Zuckerberg’s phone number has surfaced in the compromised data.
When asked about the data breach, a Facebook spokesperson responded by saying that the leaked data was able to be scrapped due to the vulnerability which the social media behemoth patched two years ago.
Back in 2019, a vulnerability was discovered on the Facebook platform, which allowed phone numbers of users to be scraped from the company’s servers. The social media giant was quick to take note of the problem and patched the vulnerability in August 2019. Thus it means that the data leak which has recently been posted on the hacking forum is old.
But it still useful and valuable to cybercriminals, according to Alon Gal, CTO of Hudson Rock, a cybercrime intelligence firm.
Gal was one of the first individuals to discover the Facebook data breach in January. In a statement about the same, he mentioned that the huge database containing numerous private data points of users will undoubtedly lead to bad actors taking advantage of it to execute various types of attacks such as social engineering, phishing and more.
Three months ago, a user in the same hacking forum was advertising an automated bot capable of providing the phone numbers of millions of Facebook users in exchange for a price. However, it seems the hacker’s prior attempts to monetize the stolen data failed, as this time around, the entire database has been posted online for free and now anyone with basic data skills can access it.
All in all, security researchers and analysts believe there is not much Facebook could do to reverse the data leak at this point. Therefore, the company must proceed to inform users about the breach so that its users can remain vigilant in the near future.
One must take note that this is the second major data leak involving Indian users within the first three months of 2021. Before this, the homegrown digital payments giant Mobikwik quite recently came under fire for disavowing an alleged data leak that exposed around 8.2 terabytes (TB) of its users’ sensitive data. Quite similar to Facebook’ data breach, it included addresses, mobile phone numbers along with know-your-customer aka KYC details, credit/debit card data, Aadhaar card data and more.
We will keep you updated on all future developments. Until then, stay tuned.