Facebook is by far the largest and most popular social media platform used today. With 2.8 billion users and .84 billion daily active users, it controls nearly 59% of the social media market. With that many users, one can only imagine the amount of data produced and collected by Facebook every second. A majority of the data collected is personal information on its users. The social tech platform collects its user’s names, birthdays, phone numbers, email addresses, locations, and in some cases photo IDs. All of this information can be maliciously used if it got into the wrong hands, which is why numerous people are worried about the latest Facebook data breach.
What happened with the Facebook Data Leak?
The most recent Facebook data leak was exposed by a user in a low-level hacking forum who published the phone numbers and personal data of hundreds of millions of Facebook users for free. The exposed data includes the personal information of over 533 million Facebook users from 106 countries. The leaked data contains phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.
The leak was discovered in January when a user in the same hacking forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users for a price. A Facebook spokesperson is claiming that the data was scraped because of a vulnerability that the company patched in 2019. Data scraping is a technique in which a computer program extracts data from human-readable output coming from another program. The vulnerability uncovered in 2019 allowed millions of phone numbers to be scraped from Facebook’s servers in violation of its terms of service. Facebook said that vulnerability was patched in August 2019.
However, the scraped data has now been posted on the hacking forum for free, making it available to anyone with basic data skills. The leaked data could be priceless to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials.
What caused the Facebook data breach?
When Facebook was made aware of the data exposed on the hacking forum, they were quick to say that the data is old from a break that occurred in 2019. Basically, they’re saying this is nothing new, the data has been out there for some time now and they patched the vulnerability in their system. In fact, the data, which first surfaced back in 2019, came from a breach that Facebook did not disclose in any significant detail at the time. Facebook never really let this data breach be publicly known.
Uncertainty with Facebook’s explanation comes from the fact that they had a number of breaches and exposures from where the data could have come from. Here is a list of recent Facebook “data leaks” in recent years:
- April 2019 – 540 million records exposed by a third party and disclosed by the security firm UpGuard
- September 2019 – 419 million Facebook user records scraped from the social network by bad actors before a 2018 Facebook policy change
- 2018 – Cambridge Analytica third-party data sharing scandal
- 2018 – Facebook data breach that compromised access tokens and virtually all personal data from about 30 million users
Facebook eventually explained that the most recent data exploit of 533 million user accounts is a different data set that attackers created by abusing a flaw in a Facebook address book contacts import feature. Facebook says it patched the weak point in August 2019, but it’s uncertain how many times the bug was exploited before then.
How can you find out if your personal information is part of the Facebook breach?
With so much personal information on social media today, you’d expect the tech giants to have a strong grip on their data security measures. With the latest Facebook breach, a large amount of data was exposed including full names, birthdays, phone numbers, and locations. Facebook says that the data leak originated from an issue in 2019, which has since been fixed. Regardless, there’s no way to reclaim that data. A third-party website, haveibeenpwned.com, makes it easy to check if you’re data was part of the leaked information. Simply, input your email to find out. Though 533 million Facebook accounts were included in the breach, only 2.5 million of those included emails in the stolen data. That means you’ve got less than a half-percent chance of showing up on that website. Although this data is from 2019, it could still be of value to hackers and cybercriminals like those who take part in identity theft. This should serve as a reminder to not share any personal information on social media that you don’t want a stranger to see.