BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Facebook Data on 533 Million Users Reemerges Online for Free

From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 5 Apr 2021 09:37:48 -0500
https://www.bloomberg.com/news/articles/2021-04-03/facebook-data-on-533-million-users-leaked-business-insider

The personal data of more than half a billion Facebook Inc. users reemerged
online for free on Saturday, a reminder of the company’s ability to collect
mountains of information and its struggles to protect these sensitive
assets.

The leak includes personal information on 533 million Facebook users, such
as phone numbers, Facebook IDs, full names, locations, birth dates, bios
and in some cases email addresses, Business Insider reported.

“This is old data that was previously reported on in 2019,” a Facebook
spokesperson wrote in an email statement. “We found and fixed this issue in
August 2019.”

At the time, the company addressed a flaw in its technology that allowed
the information to leak out. However, once such data escapes from
Facebook’s network, the company has limited power to stop it from spreading
online.

Alon Gal, chief technology officer of cybercrime intelligence firm Hudson
Rock, discovered the data again on Saturday.

Databases, especially if they are large or rare, aren’t often shared widely
right away because “the people who hold it will attempt to monetize it for
as long as they can,” Gal said in a message on Twitter. “The process
sometimes takes years, sometimes days, but eventually all private databases
leak if they were sold around.”

Data leaks threaten to undermine Facebook’s business model of gathering a
large amount of personal information and using that to sell targeted ads.

The information is available for free on a hacking forum, making it widely
accessible to anyone with rudimentary data skills, Business Insider said.
The publication verified several records by matching known Facebook users’
phone numbers with the IDs listed, and confirmed other records by testing
email addresses from the data set in Facebook’s password reset feature,
which can be used to partially reveal a user’s phone number.

_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange
Previous By Date Next
Previous By Thread Next

Current thread: