Facebook: data from over 500 million users has become public


As recently became known, a bug in Facebook's contact import tool was exploited to access the data of millions of users from all over the world. Around 533 million users are affected globally, around 6 million in Germany alone. For comparison: at the end of 2020, the social network had almost 2.8 billion active users worldwide, i.e. those who log in at least once a month. In Germany there are almost 50 million users in total. A considerable proportion of Facebook users is thus affected.

Masses of data collected

By exploiting an error in the contact import tool, attackers were able to collect the data by scraping. This worked via information that users had made public on the social network, so it does not constitute a hack, which Facebook also points out in a statement. According to the statement, the loophole in the tool has been closed since September 2019.

Data for phishing attacks

The attackers therefore did not get payment data, health information or passwords. They did, however, get names with matching employers and places of residence, e-mail addresses and, in some cases, telephone numbers. Even if this data alone is not enough to cause serious damage, it is enough to contact the affected user and attempt to phish passwords or payment data.

Numerous phishing SMS

Currently, depending on the provider, there are more and more phishing SMS messages that claim to contain information on alleged online orders. If you click on the link in such an SMS and enter personal data in the form that opens, the phishing attackers gain access to that information.

Facebook does not inform

Back to the Facebook user data that has become public. As the company announced, potentially affected users will not be informed. The reason: firstly, it does not know exactly who is affected, and secondly, users cannot do anything about it anyway. Instead, Facebook advises users to take care of their data protection independently and actively and, for example, not to share information publicly at will.

Data are offered online

The data sets with the information scraped via the contact import tool continue to be offered online, broken down by country. The information on the around 6 million affected German users is also included; that data set is a little over 600 MB in size. According to security researchers, this is valid data.

Sources: The Verge / Facebook-Newsroom / Caschy's Blog

The Worst Thing About That Huge Facebook Data Leak? There’s (Almost) Nothing You Can Do

It’s a battle for the ages.

The only problem? We’re defending ourselves with fly swatters.

Social media companies like Facebook are constantly collecting information about what we do online. That new pair of Reebok shoes that popped up in your feed? It’s no coincidence. The data being mined about your online activity is a treasure trove for advertisers and hackers alike. 

We’re not talking about mere cookies in Google Chrome that track your web visits. It’s your email. Your address, phone number, and birth date.

This data is so readily available to anyone it’s almost comical. We might as well stand on a street corner and hand out copies of our social security card to people passing by or hold up a sign with our banking account and routing number on full display.

Recently, a security expert revealed that 533 million Facebook records are available in broad daylight (meaning: for free), available for cherry picking by would-be criminals. The leak occurred way back in 2019 and involved a sophisticated algorithm that was able to match up a leaked phone number with other Facebook user data, including where you live.

With some leaks, such as stolen passwords and other account information, you can typically protect yourself by resetting your logins. Think of that type of leak as someone stealing your credit card. You can always close the account and request a new card. You have some protection thanks to the credit card company itself.

Because this new leak involves data that is out in the wild and contains sensitive personal information circulating widely among thousands of hackers, there’s not much you can do about it. It’s more than just passwords. In this case, it’s more like someone could impersonate you because of your birthdate and where you live (things that are difficult to change), and the possibility for identity theft is higher.

It's all about the type of data available. Hackers often use social engineering tactics to impersonate people online. They might try to register for a new account at your bank using your email and phone, armed with your city and state data to “prove” it’s you. They are remarkably persuasive when it comes to calling a tech support line as well.

It’s also easier than ever to access this data without paying for it. With a few clicks, criminals can start impersonating you and break into a credit card site or hack your email. (It doesn’t help that people still use their birthdate as a common password.) Not only that, but Facebook itself doesn’t seem too motivated to track down the culprits. The leak occurred over two years ago, and it’s been circulating for so long there are likely few breadcrumbs left to trace.

I mentioned there is almost nothing we can do, however. One security strategy has to do with vigilance. Most of us barely pay attention to our bank accounts and credit card statements, but keeping an eye on fraudulent charges is a wise strategy because it means you can start fighting it. Now is the time.

Another good tactic is to start closing down extra accounts, including any credit cards you don’t need. As any military expert will tell you, in combat, it’s smart to make yourself less of a target. Decrease the number of accounts available for attack. Reduce how much personal information is even out there.

It might feel like you are plugging holes in a chain-link fence, but the reality is that it is smart to close down any extra accounts you don’t use because that means one less attack vector for hackers. We know social media companies are here to stay. We know the data is out there. The smartest approach is to at least look for ways to become a little less vulnerable.
