
Facebook Suffers Huge Leakage

Guest

Facebook acknowledges personal information of 500M users posted online, says data is ‘old’

 

Summary

Facebook has communicated user information has been hacked in a low-level breach. This includes phone numbers, contacts and other Facebook information available on accounts. 

 

Quotes

Quote

The phone numbers and personal data of more than 500 million Facebook users has been posted online by a low-level hacker in a forum for free.

 

Alon Gal, CTO of Hudson Rock, a cybercrime intelligence firm, first discovered the leak on Saturday.

 

“All 533,000,000 Facebook records were just leaked for free,” he wrote in a tweet. “This means that if you have a Facebook account, it is extremely likely the phone number used for that account was leaked.”
 

“It was severely under-reported and today the database became much more worrisome,” he wrote.

 

By Gal’s count, 3,494,385 users in Canada were affected.

 

Quote
Facebook acknowledged the news in an emailed statement Saturday afternoon, but said the data was obtained during a breach in 2019.
 
“This is old data that was previously reported on in 2019,” a Facebook spokesperson said. “We found and fixed this issue in August 2019.”
 

 

My thoughts

Does not matter if previously reported. Facebook has a responsibility to its users to let them know their data has been hacked, so they can change passwords and emails. Awful behaviour by Facebook - 533 million accounts, it's not a joke.

 

Sources

https://globalnews.ca/news/7737055/facebook-user-data-leaked/


Curious whether my data is in there... would be interesting to know. Does anyone know if there is a reputable site to check?

 

On a similar note, I have always wondered about how open Facebook is in regards to hacks of the network.  I got a random spam email saying my email was "hacked"...the interesting thing was they used the password I used for Facebook (and only Facebook).  I know my computer wasn't compromised, but had never heard anything from Facebook about potential compromises but it always made me wonder.

3735928559 - Beware of the dead beef


4 hours ago, RorzNZ said:

 

Summary

Facebook has communicated user information has been hacked in a low-level breach. This includes phone numbers, contacts and other Facebook information available on accounts. 

 

 

This is why "real information" should not be used on the internet. Create a new name, create a weeaboo name, create a fanfic name, just do anything but use your real name, even when they demand you use your real name. If they have the typical "we are responsible for nothing" garbage arbitration terms of service, you don't give them your real name, because quite frankly, if they're not willing to put skin in the game, neither should you.

 

There's some absolute irony here because pre-19th century mythology always warned you about not giving your real name to strangers, because that was an early form of identity theft. 

 

I doubt there is a lot of information leaked that is directly usable, but people haven't needed to change their phone numbers since local number portability came into effect around 2008. So "it's old" is meaningless as anyone who has not changed their phone number since 2018, would have a current number. 


1 hour ago, Kisai said:

Create a new name, create a weeaboo name, create a fanfic name, just do anything but use your real name

Unless they are still pushing their "real name policy" BS....


1 hour ago, Kisai said:

This is why "real information" should not be used on the internet. Create a new name, create a weeaboo name, create a fanfic name, just do anything but use your real name, even when they demand you use your real name. If they have the typical "we are responsible for nothing" garbage arbitration terms of service, you don't give them your real name, because quite frankly, if they're not willing to put skin in the game, neither should you.

 

There's some absolute irony here because pre-19th century mythology always warned you about not giving your real name to strangers, because that was an early form of identity theft. 

 

I doubt there is a lot of information leaked that is directly usable, but people haven't needed to change their phone numbers since local number portability came into effect around 2008. So "it's old" is meaningless as anyone who has not changed their phone number since 2018, would have a current number. 

I use FB for university work and organising tutoring, so a fake name isn't really applicable. I use my middle name instead of my last name though. Probably emails would be the main concern for phishing. 


1 hour ago, Grand Admiral Thrawn said:

PSA: if you happen to use Facebook, check over here if your data has leaked: https://haveibeenpwned.com/

for an example try my old email (don't worry it's been deleted) which got hacked: cooldarmc@gmail.com 

 

[EDIT]

You can also try passwords now. 


It's not anywhere near as bad as it sounds. 

It's just the name, email address, Facebook UID and phone numbers of users (at most), and it was only on users that had that info public anyway. 

 

The "hacker" just scraped public info. The "security issue" was that there was no limit on how much info you could scrape. 

 

Edit: Some people have more than just the name, email, UID and phone numbers "leaked". For example marriage status, gender etc. But it is only info that was set to public. Basically, it's just an ordered text document of whatever info was public at the time someone scraped it. Seems like it's up to 12 different pieces of info that could be scraped.


2 hours ago, AldiPrayogi said:

Is it too late to deactivate my facebook account...

I deleted mine a while ago, but I am not so naive to think this means they no longer have my data.


For Facebook I used a temporary phone number, and the email address I use there is used exclusively for Facebook.

I entered the email into Have I Been Pwned and: "Good news — no pwnage found!"

30 minutes ago, LAwLz said:

It's not anywhere near as bad as it sounds. 

It's just the name, email address, Facebook UID and phone numbers of users (at most), and it was only on users that had that info public anyway. 

 

The "hacker" just scraped public info. The "security issue" was that there was no limit on how much info you could scrape. 

If that's true, then only my name and picture are available to the public and could be stolen; they could enter that into a facial recognition database.

Regardless of that, I was extremely careful when I opened my Facebook account 10 years ago, so the worst case scenario for me is minimal damage, and I don't use Facebook anymore.


2 hours ago, Grand Admiral Thrawn said:

PSA: if you happen to use Facebook, check over here if your data has leaked: https://haveibeenpwned.com/

This is a cool little site. Seems my E-mail has been pwned 3 times. Oh well, I'm poor, so good luck hackers!

 

Enjoy getting "lol, no" when trying to take out a home in my name.


1 hour ago, LAwLz said:

It's not anywhere near as bad as it sounds. 

It's just the name, email address, Facebook UID and phone numbers of users (at most), and it was only on users that had that info public anyway. 

 

The "hacker" just scraped public info. The "security issue" was that there was no limit on how much info you could scrape. 

If that's the case, that explains why my email address didn't bring anything up, because I have everything set to family-only.


Is this the same or different than the 2019 Facebook data someone found for sale on the dark web?

Not a pro, not even very good.  I’m just old and have time currently.  Assuming I know a lot about computers can be a mistake.

 

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.


1 hour ago, Bombastinator said:

Is this the same or different than the 2019 Facebook data someone found for sale on the dark web?

According to Facebook itself the data is from 2019 and they already found and fixed the problem in August 2019, which is why they are not sweating over this new leaked info right now.


3 hours ago, FRD said:

According to Facebook itself the data is from 2019 and they already found and fixed the problem in August 2019, which is why they are not sweating over this new leaked info right now.

That’s a somewhat “yes and no” response. If the data was from 2019 it’s not new data and this is not a new leak. It’s newly found data but that is not “new leaked info”. So according to Facebook it’s the old stuff. Companies are notoriously less than trustworthy about such things.


Data is old KEKW


Like I have been saying, my data is most likely all out there in the wild already... It is just that my data isn't useful.... They have to scour through all the famous people; only those are worth exploiting. 99% of all people's data is uselesssssss. Change your password a billion times and it will still get leaked.

Link to comment
Share on other sites

Link to post
Share on other sites

On 4/4/2021 at 12:40 AM, LAwLz said:

It's not anywhere near as bad as it sounds. 

It's just the name, email address, Facebook UID and phone numbers of users (at most), and it was only on users that had that info public anyway. 

 

The "hacker" just scraped public info. The "security issue" was that there was no limit on how much info you could scrape. 

 

Edit: Some people have more than just the name, email, UID and phone numbers "leaked". For example marriage status, gender etc. But it is only info that was set to public. Basically, it's just an ordered text document of whatever info was public at the time someone scraped it. Seems like it's up to 12 different pieces of info that could be scraped.

The problem is they assume responsibility for the safe keeping of this data, regardless of how general or "open source" it might be.

 

Facebook is already a go-to when doing any sort of open source intelligence (OSINT). The real issue I see is the indexing of all this data/metadata for advertising, profiling, etc. Just makes it easier to do bad.


I've checked the leaked databases and from the looks of it Fecesbook actually honored the deletion of accounts years ago.


3 minutes ago, spartaman64 said:

From what I have read regarding this leak, Facebook is actually correct. The information from the leak is only information that users have publicly shared. That is to say, if you have (or had) a Facebook account, which you had a phone number attached to, and you had that phone number as public data, then you're on that list. If you didn't, then you aren't (with reports of some exceptions, like users with deleted accounts still showing up which is bad).

If we are going to blame Facebook then we should focus on the default settings on the platform. I don't think blaming Facebook for "being hacked" is the right way to approach this because they weren't hacked in any way. Their platform worked just as intended. It's just that someone used it for malicious purposes in the same way someone could use, let's say, a phonebook.

 

Quote

I willingly posted personal information to Facebook and made it public for everyone to see. Now I am mad at Facebook that people can see my information.

This is essentially the argument currently being made, and I think it is an awful argument that should be dismissed easily, which is exactly what Facebook is doing. It sounds like people want to have their cake and eat it too.

 

Quote

The default options and dark patterns on Facebook make it so that people don't understand what data they are giving to Facebook, who can see it and how it affects them. This should change.

A much better argument that actually explains what is wrong, and it is fixable.

