Over 500m Facebook Users' Data Posted On A Hacking Website

Over 533 million accounts from 106 countries that contain phone numbers, full names, locations, email addresses and other sensitive information have been found posted publicly in a hacking forum. The data leak involving personal details of hundreds of millions of Facebook users is being reviewed by Ireland's Data Protection Commission (DPC).  The database is believed to contain a mix of Facebook profile names, phone numbers, locations and other facts about more than 530 million people. 

Facebook says the data is "old", from a previously-reported leak in 2019, but the Irish DPC said it will work with Facebook, to make sure that is the case. Ireland's regulator is critical to such investigations, as Facebook's European headquarters is in Dublin, making it an important regulator for the EU. 

The most recent data dump appears to contain the entire compromised database from the previous leak, which Facebook said it found and fixed more than a year and a half ago.There are records for more than 32 million accounts in the United States, 11 million in the United Kingdom, and 6 million in India.  Threat intelligence expert Alon Gal has pointed that the way the data was sorted and posted on the hacking site this week makes it far more accessible for criminals to exploit.

Speaking to CNN Rachel Tobac, the CEO of security training firm SocialProof Security said "These are the pieces of data cyber criminals spend time searching for to perform social engineering attacks - but now they're all in one place and easily accessible in this leak, which makes social engineering quicker and easier."

If you want to check your phone number against the leaked Facebook database, you can try using a tool created by the  website The News Each Day, in which you input your phone number to find out whether it’s part of the breach. Alternatively, from 7th April people can use the well known Have I Been Pwned online tool to check if their numbers or emails were compromised.

Whether or not your details show up using the search tool to find out that your data has been compromised, some of the recommended steps to take include:

  • Change the passwords of compromised sites,
  • Use a password manager so that you can create and track unique passwords for each site. 
  • Set up two-factor authentication (2FA) in any online service that offers it, to access your account or change your details.

Facebook has previously said it would crack down on mass data-scraping after Cambridge Analytica used over 80 million of Facebook user’s data, claimed to be in violation of Facebook's terms of service, to target voters with political ads in the 2016 election. Following this most recent episode of Facebook's careless exposure of user confidentiality, it remains to be seen what regulatory action, in Ireland or anywhere else, will result.   

TechRadar:    Gizmodo:     Business Insider:    The Verge:    Techcrunch:    TheNewsEachDay

  BBC:       CTV:      Image: Unsplash

You Might Also Read:

Ireland's Privacy Regulator Is Investigating Instagram:

 

« The Satanic Mills of the Fourth Industrial Revolution
Cybersecurity For Financial Services: Latest Trends For Fraud Prevention »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

SmartSearch

SmartSearch

SmartSearch is a leading online provider of Anti-Money Laundering and Fraud Prevention Services.

Joe Security

Joe Security

Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics.

Applied Risk

Applied Risk

Applied Risk is an established leader in Industrial Control Systems security, focused on critical infrastructure security and combating security breaches that pose a significant threat.

Swiss Cyber Storm

Swiss Cyber Storm

Swiss Cyber Storm is a non profit organization hosting the international Swiss Cyber Storm Conference and running the Swiss part of the European Cyber Security Challenges.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

DeepCyber

DeepCyber

DeepCyber supports its customers, with an “intelligence-driven” approach, to improve their proactive detection and response "capability" of cyber threats.

CUJO AI

CUJO AI

CUJO AI is the global leader in the development and application of artificial intelligence to improve the security, control and privacy of connected devices in homes and businesses.

Secberus

Secberus

SECBERUS creates cloud security technology to help organizations stay secure & compliant in the public cloud.

archTIS

archTIS

archTIS specialises in the design and development of products, solutions and services for secure information sharing and collaboration.

Fortiphyd Logic

Fortiphyd Logic

Fortiphyd Logic equips operators of the power grid, oil & gas, and other critical infrastructure with the tools and training they need to defend their industrial networks from advanced cyberattacks.

PreEmptive Solutions

PreEmptive Solutions

PreEmptive Protection hit the sweet spot between cost, convenience and functionality by helping you protect and secure your apps in a smarter way.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

GAVS Technologies

GAVS Technologies

GAVS is a global IT services provider with focus on AI-led Managed Services and Digital Transformation.

Axitea

Axitea

Axitea designs, implements and develops the solutions best suited to its customers’ needs and their physical and cyber security requirements.

CACI International

CACI International

CACI is at the forefront of developing and delivering technological breakthroughs that transform and optimize government operations.

PeoplActive

PeoplActive

PeoplActive is an IT consulting and recruitment services organization with leading capabilities in digital, cloud and security.