Over 500m Facebook Users' Data Posted On A Hacking Website

Over 533 million accounts from 106 countries that contain phone numbers, full names, locations, email addresses and other sensitive information have been found posted publicly in a hacking forum. The data leak involving personal details of hundreds of millions of Facebook users is being reviewed by Ireland's Data Protection Commission (DPC).  The database is believed to contain a mix of Facebook profile names, phone numbers, locations and other facts about more than 530 million people. 

Facebook says the data is "old", from a previously-reported leak in 2019, but the Irish DPC said it will work with Facebook, to make sure that is the case. Ireland's regulator is critical to such investigations, as Facebook's European headquarters is in Dublin, making it an important regulator for the EU. 

The most recent data dump appears to contain the entire compromised database from the previous leak, which Facebook said it found and fixed more than a year and a half ago.There are records for more than 32 million accounts in the United States, 11 million in the United Kingdom, and 6 million in India.  Threat intelligence expert Alon Gal has pointed that the way the data was sorted and posted on the hacking site this week makes it far more accessible for criminals to exploit.

Speaking to CNN Rachel Tobac, the CEO of security training firm SocialProof Security said "These are the pieces of data cyber criminals spend time searching for to perform social engineering attacks - but now they're all in one place and easily accessible in this leak, which makes social engineering quicker and easier."

If you want to check your phone number against the leaked Facebook database, you can try using a tool created by the  website The News Each Day, in which you input your phone number to find out whether it’s part of the breach. Alternatively, from 7th April people can use the well known Have I Been Pwned online tool to check if their numbers or emails were compromised.

Whether or not your details show up using the search tool to find out that your data has been compromised, some of the recommended steps to take include:

  • Change the passwords of compromised sites,
  • Use a password manager so that you can create and track unique passwords for each site. 
  • Set up two-factor authentication (2FA) in any online service that offers it, to access your account or change your details.

Facebook has previously said it would crack down on mass data-scraping after Cambridge Analytica used over 80 million of Facebook user’s data, claimed to be in violation of Facebook's terms of service, to target voters with political ads in the 2016 election. Following this most recent episode of Facebook's careless exposure of user confidentiality, it remains to be seen what regulatory action, in Ireland or anywhere else, will result.   

TechRadar:    Gizmodo:     Business Insider:    The Verge:    Techcrunch:    TheNewsEachDay

  BBC:       CTV:      Image: Unsplash

You Might Also Read:

Ireland's Privacy Regulator Is Investigating Instagram:

 

« The Satanic Mills of the Fourth Industrial Revolution
Cybersecurity For Financial Industries: Latest Trends For Fraud Prevention »

Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DLA Piper

DLA Piper

DLA Piper is a global law firm with offices throughout the Americas, Asia Pacific, Europe and the Middle East. Practice areas include Cybersecurity.

Genie Networks

Genie Networks

Genie Networks is a leading technology company providing networking and security solutions for optimizing the performance of large networks.

Tricerion

Tricerion

SafeLogin from Tricerion is an entirely software based identity access management solution that uses picture based passwords rather than alphanumeric text.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

Disruptive Consulting

Disruptive Consulting

Disruptive Consulting is a European IT security company that protects companies and public institutions around the world against cyberattacks.

INFRA Security & Vulnerability Scanner

INFRA Security & Vulnerability Scanner

INFRA is a powerful platform with an easy interface for any kind of Ethical Hacking, from corporate monitoring and VAPT (vulnerability assessments and penetration testing) to military intelligence.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

Unlimited Technology

Unlimited Technology

Unlimited Technology offers a wide range of talent and experience, from assessing your requirements to implementing technologically advanced security solutions to best fit your needs.