You may have seen something about a Facebook leak on the news or on your social media feeds. On April 6, Facebook acknowledged that personal information from 533 million Facebook users in more than 106 countries has been compromised. In light of this event, you should take this opportunity to look at your personal data security habits.
In 2019, malicious actors used automated software to scrape user data from Facebook via the tools used to import contacts. Facebook became aware of this activity in September 2019 and fixed the vulnerability, but they did not publicly announce their findings. In January 2021 the cybercrime intelligence firm Hudson Rock discovered the database of personal information for sale on a ‘low-level hacking forum.’ The data has since been released on the same forum for free. Facebook has announced that they do not plan to notify affected users.
According to Facebook, only information that was publicly available on user profiles was included in this dataset. The data trove contains phone numbers, email addresses, hometowns, full names, and birthdates. No sensitive information such as passwords, credit cards, or social security numbers were found in the database, but the personal information leaked could leave users vulnerable to phishing scams or identity fraud.
Our cybersecurity experts recommend the following steps: