
Facebook Suffers Huge Leakage

On 4/4/2021 at 8:09 AM, Grand Admiral Thrawn said:

PSA: if you happen to use Facebook, check over here if your data has leaked: https://haveibeenpwned.com/

A quick update to my PSA.

 

'Thanks' to this leak, Troy Hunt, the creator of HIBP, added the ability to check using your phone number if your data has leaked, as most of the leaked info was based off the phone numbers themselves rather than email addresses as it usually happens.

So if you did not get a confirmation of the leak using your email address, try checking with your phone number.

 

I myself found one confirmation of my friend's Facebook data being leaked in this one after checking with the phone number even though the email returned no leaks.

 

 

I require no glory, only results.

On 4/4/2021 at 12:40 AM, LAwLz said:

It's not anywhere near as bad as it sounds. 

It's just the name, email address, Facebook UID and phone numbers of users (at most), and it was only on users that had that info public anyway. 

 

The "hacker" just scraped public info. The "security issue" was that there was no limit on how much info you could scrape. 

 

Edit: Some people have more than just the name, email, UID and phone numbers "leaked". For example marriage status, gender etc. But it is only info that was set to public. Basically, it's just an ordered text document of whatever info was public at the time someone scraped it. Seems like it's up to 12 different pieces of info that could be scraped.

The problem is they assume responsibility for the safe keeping of this data, regardless of how general or "open source" it might be.

 

Facebook is already a go-to when doing any sort of open source intelligence (OSINT). The real issue I see is the indexing of all this data/metadata for advertising, profiling, etc. Just makes it easier to do bad.

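The point quoted above, that nothing limited how much public info one client could pull, is the kind of gap a cap on distinct lookups closes. The following is an added example, not code from this thread or from Facebook; the class name, thresholds and phone numbers are constructed assumptions.

```python
from collections import defaultdict, deque


class DistinctLookupLimiter:
    """Caps how many *distinct* identifiers one client may resolve per window.

    Re-querying the same few contacts (normal address-book sync) stays cheap,
    while walking a number range (enumeration) hits the cap quickly.
    """

    def __init__(self, max_distinct=100, window_seconds=3600):
        self.max_distinct = max_distinct
        self.window = window_seconds
        self._events = defaultdict(deque)  # client -> deque of (timestamp, key)
        self._counts = defaultdict(dict)   # client -> {key: hits inside window}

    def _expire(self, client, now):
        events, counts = self._events[client], self._counts[client]
        while events and now - events[0][0] >= self.window:
            _, key = events.popleft()
            counts[key] -= 1
            if counts[key] == 0:
                del counts[key]

    def allow(self, client, lookup_key, now):
        """Return True if the lookup may proceed, False if it should be refused."""
        self._expire(client, now)
        counts = self._counts[client]
        if lookup_key not in counts and len(counts) >= self.max_distinct:
            return False  # a new identifier would exceed the distinct-lookup cap
        self._events[client].append((now, lookup_key))
        counts[lookup_key] = counts.get(lookup_key, 0) + 1
        return True


def simulate():
    """Constructed traffic: one syncing client, one enumerating client."""
    limiter = DistinctLookupLimiter(max_distinct=5, window_seconds=60)
    # client-a re-syncs the same three (made-up) contacts thirty times
    normal = [limiter.allow("client-a", f"+1555000000{i % 3}", now=i)
              for i in range(30)]
    # client-b walks twenty sequential (made-up) numbers
    enum = [limiter.allow("client-b", f"+1555100{n:04d}", now=n)
            for n in range(20)]
    # once the window has passed, client-b may look up again
    later = limiter.allow("client-b", "+15551009999", now=200)
    return normal, enum, later
```

Refusals are also worth logging per client, since a steady stream of them is itself a scraping signal.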

I've checked the leaked databases and from the looks of it Fecesbook actually honored the deletion of accounts years ago.

AMD Ryzen 7 5800X | ASUS Strix X570-E | G.Skill 32GB 3600MHz CL16 | PALIT RTX 3080 10GB GamingPro | Samsung 850 Pro 2TB | Seagate Barracuda 8TB | Sound Blaster AE-9 MUSES

3 minutes ago, spartaman64 said:

From what I have read regarding this leak, Facebook is actually correct. The information from the leak is only information that users have publicly shared. That is to say, if you have (or had) a Facebook account, which you had a phone number attached to, and you had that phone number as public data, then you're on that list. If you didn't, then you aren't (with reports of some exceptions, like users with deleted accounts still showing up which is bad).

If we are going to blame Facebook then we should focus on the default settings on the platform. I don't think blaming Facebook for "being hacked" is the right way to approach this because they weren't hacked in any way. Their platform worked just as intended. It's just that someone used it for malicious purposes in the same way someone could use let's say a phonebook in the same way.

 

Quote

I willingly posted personal information to Facebook and made it public for everyone to see. Now I am mad at Facebook that people can see my information.

This is essentially the argument currently being made, and I think it is an awful argument that should be dismissed easily, which is exactly what Facebook is doing. It sounds like people want their cake and eat it too.

 

Quote

The default options and dark patterns on Facebook make it so that people don't understand what data they are giving to Facebook, who can see it and how it affects them. This should change.

A much better argument that actually explains what is wrong and it is fixable.

2 minutes ago, LAwLz said:

From what I have read regarding this leak, Facebook is actually correct. The information from the leak is only information that users have publicly shared. That is to say, if you have (or had) a Facebook account, which you had a phone number attached to, and you had that phone number as public data, then you're on that list. If you didn't, then you aren't (with reports of some exceptions, like users with deleted accounts still showing up which is bad).

If we are going to blame Facebook then we should focus on the default settings on the platform. I don't think blaming Facebook for "being hacked" is the right way to approach this because they weren't hacked in any way. Their platform worked just as intended. It's just that someone used it for malicious purposes in the same way someone could use let's say a phonebook in the same way.

 

This is essentially the argument currently being made, and I think it is an awful argument that should be dismissed easily, which is exactly what Facebook is doing. It sounds like people want their cake and eat it too.

 

A much better argument that actually explains what is wrong and it is fixable.

The problem here imo is that they used a Facebook tool to do it. It's the same thing as the Cambridge Analytica leak.


Hold on a minute... A company with a history of leaking personal information and selling personal information had another leak. Not going to get into all the parts of what's good or not good and all that. But as someone in the IT field this shouldn't be a surprise.


If you want to check if any of your contacts' phone numbers are part of the leak and don't want to check every one of them by hand, I've created a small Python program to do it.

https://github.com/m0nsieurPsych0/Facebook_Leak_Contact_Checker

 

All you have to do is provide a vCard (.vcf) and a file from the leak (you can find on your favorite torrent site) and the program will pull out the info associated with that phone number.

I found 21 phone numbers in my contacts that were leaked!

 

**edit: typo**

45 minutes ago, m0nsieurPsych0 said:

If you want to check if any of your contacts' phone numbers are part of the leak and don't want to check every one of them by hand, I've created a small Python program to do it.

https://github.com/m0nsieurPsych0/Facebook_Leak_Contact_Checker

 

All you have to do is provide a vCard (.vcf) and a file from the leak (you can find on your favorite torrent site) and the program will pull out the info associated with that phone number.

I found 21 phone numbers in my contacts that were leaked!

 

**edit: typo**

Have I Been Pwned is a better and easier solution:

https://haveibeenpwned.com/

A PC Enthusiast since 2011
AMD Ryzen 5 2600@3.9GHz | GIGABYTE GTX 1660 GAMING OC @ Core 2085MHz Memory 5000MHz
Cinebench R15: 1382cb | Unigine Superposition 1080p Extreme: 3439
3 hours ago, m0nsieurPsych0 said:

If you want to check if any of your contacts' phone numbers are part of the leak and don't want to check every one of them by hand, I've created a small Python program to do it.

https://github.com/m0nsieurPsych0/Facebook_Leak_Contact_Checker

 

All you have to do is provide a vCard (.vcf) and a file from the leak (you can find on your favorite torrent site) and the program will pull out the info associated with that phone number.

I found 21 phone numbers in my contacts that were leaked!

 

**edit: typo**

I will be sending my sister a link to this thread.  She uses Facebook a lot and has for a long time.

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

On 4/10/2021 at 4:52 PM, Vishera said:

Have I Been Pwned is a better and easier solution:

https://haveibeenpwned.com/

Easier only if you have a handful of contacts to check. Personally I have more than a hundred phone numbers. I did not see myself trying to enter each one by hand. Using my program and checking all my contacts takes about 5 seconds to complete and pulls out 21 hits.
