Cybersecurity experts said that hackers breached accounts’ data of around half a billion Facebook users – a treasure trove of personal information includes phone numbers, location, full names, and birthdays. Whereas Facebook said that massive data leak has links with the 2019 issue, which now they fixed. Still, there is no clawing back that personal data.
Over thirty million Facebook accounts in America were affected, and the social media giant is not making it easy to perceive if your information was included in the breach. However, a 3rd-party website, haveibeenpwned.com, makes it easy to check by entering your email. For the time being, it just checks if your email / Facebook account was among those stolen.
Around five hundred and thirty-three million Facebook accounts included in the data leak, just 2.5 million of those included accounts in the stolen information. Therefore, you have a half-percent chance of viewing on that website, even still you got a twenty percent chance of breachment if you have a Facebook account.
In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries.
It was severely under-reported and today the database became much more worrisome 1/2 pic.twitter.com/ryQ5HuF1Cm
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
What Happened with the accounts?
Cybercriminals published online details of over five hundred million Facebook users on an underground website. Instantly it became clear that this was a new data leak, but the previous one comes back to haunt the social media platform and its millions of users whose personal information is now available online for purchase.
The information breach believed to link with a susceptibility which Facebook supposedly fixed in August 2019. Whereas the authorities of Facebook can’t find the particular source of the data breach, the hackers probably approached through the misuse of legitimate functions in the Facebook systems. These types of misuses occur when an apparently innocent feature of any website used for an unexpected motive by hackers, as was the case with a PayID immoral attack in 2019.
However, in the case of the Facebook breach, criminals can mine the systems of Facebook for the personal information of users by using techniques that automate the process of personal harvesting information. Whereas in 2018, Facebook was reeling from the scandal of Cambridge Analytica. It also wasn’t a hacking incident but mismanagement of a perfectly legitimate function of the social media giant.
Initially, the data obtained legitimately – at least, so far as the rules of Facebook concerned. – it then passed on to a 3rd party without the proper permission from users.
Was your account Targeted?
There is no easy way to find out if your personal information targeted in the recent breach. Moreover, if the website is acting in the best interest, one should at least receive a notification from it. But it has no guarantee. Even a tech-understanding user would limit to hunted for the breached information themselves on underground websites.
The online data available for purchase contain a lot of key information. According to haveibeenpwned.com, most of the records include genders and names, also including location, dates of birth, relationship status, and employer. However, it reported only a small proportion of the leak information contained a valid email address, around 2.5 million records.
It is very critical since the statistics of data are less valuable without the relevant email address. It is the combination of the phone number, name, date of birth, and email which provides a beneficial initial point for mistreatment and identity theft. If you are unsure why these particulars would be valuable to a criminal, think about how you can authorize your identity over the phone call with your bank or how previously you reset your password on a website. Troy Hunt, a web security expert at Haveibeenpwned.com, tweeted that a secondary use for the information could use to enhance SMS-based spam and phishing.
I’ve had a heap of queries about this. I’m looking into it and yes, if it’s legit and suitable for @haveibeenpwned it’ll be searchable there shortly. https://t.co/QPLZdXATpt
— Troy Hunt (@troyhunt) April 3, 2021
How to Protect Your Account and Privacy?
Given the nature of the breach, a small number of Facebook users could do proactively to save their personal information from this breach. As the hacking attack targeted the systems of Facebook, the responsibility for securing information lies mainly with the social media platform.
Individually, you can have the option to withdraw from the network; for many people, this is not a simple option. So, one can make some specific changes to his social media behaviors to help minimize his risk from data leaks.
- Ask himself if he needs to share all his personal information with Facebook
- Think about what he shares with others
- Avoid using the Facebook account to sign in to other websites
- Use unique passwords with a combination of alphabets, numbers, and symbols
Read Also: Australia passes new law requiring tech firms to pay for news