In yet another major data breach, personal details of nearly 533 million Facebook users from more than 100 countries, including India, were leaked online and uploaded to low-level hacking forums. The breach was first highlighted by Alon Gal, the co-founder and chief technical officer of cybersecurity firm Hudson Rock, who found the cache of leaked data online on Saturday (April 3).
Facebook has been grappling with data security issues for years. In 2018, the social media giant disabled a feature that allowed users to search for one another via phone number following revelations that the political firm Cambridge Analytica had accessed information on up to 87 million Facebook users without their knowledge or consent.
In December 2019, a Ukrainian security researcher reported finding a database with the names, phone numbers and unique user IDs of more than 267 million Facebook users – nearly all US-based – on the open internet. It is unclear if the current data dump is related to this database.
Over 4 billion records have been stolen or accidentally leaked in the past decade, according to data collected by Privacy Rights Clearinghouse, with more than 7,000 separate breaches in that time. The frequency of mega-breaches that compromise tens or hundreds of millions of people’s data is on the rise.
“Regarding the Facebook leak of the 533M people– the irony is that Mark Zuckerberg is regrettably included in the leak as well. If journalists are struggling to get a statement from Facebook, maybe just give him a call, from the tel in the leak?” a data security Dave Walker tweeted Sunday.
Cybercriminals use leaked personal data as a starting point for countless other scams. Stolen records are regularly circulated online by cybercriminals and used for fraud, while hackers can try to break into companies’ systems to deploy ransomware or extort them.
Here’s how to determine whether your data has been exposed in a breach and how to protect yourself.
One resource is HaveIBeenPwned.com, a database maintained by security analyst Troy Hunt. The site lets anyone enter their email address and cross-references it with more than 10 billion accounts compromised in past breaches to determine whether they’ve been “pwned,” or compromised.