On April 3, 2021, Alon Gal, co-founder of cybercrime intelligence firm Hudson Rock, alerted the public via Twitter that a Facebook data leak had made 533 million personal records available online “for free.” There are records for more than 32 million accounts in the US, 11 million in the UK, and 6 million in India. Leaked details in some cases included full name, location, birthday, email addresses, phone number, and relationship status.
Facebook said the data was scraped in 2019, when malicious actors took advantage of a vulnerability with its contact importer tool. It also said it had fixed the issue in September 2019.
The scraped information did not include financial information, health information or passwords. Although the data is from 2019, it could still be of value to hackers and cyber criminals who engage in identify theft.
Following a massive data leak to the political research firm Cambridge Analytica, Facebook reached a landmark agreement with the US Federal Trade Commission in 2019, that requires the company to report breaches affecting 500 or more users within 30 days of confirming an incident.
What can you do to protect yourself ?
- Visit the web site Have I Been Pwned, and enter your email address or phone number. The site run by security researcher Troy Hunt.
- If your data has been compromised, change your password and enable two factor authentication.
Read more about it here.