Unlike previous incidents in which Facebook has been involved, this data was scraped from profiles, meaning it was already readily available. That doesn’t stop it from being dangerous.
It’s been a tough few days for Facebook. Last week’s outage harmed all of its platforms, this week’s testimony from a whistleblower could put the company back in hot water, and now it appears that personal and confidential data from over 1.5 billion Facebook accounts was offered on a hacker site.
The data for sale doesn’t indicate that the seller actually breached Facebook’s systems, nor that its data is linked to any other data breaches, according to privacy research firm Privacy Affairs. Instead, Privacy Affairs claims that the data was obtained by scraping information freely available on Facebook.
The fact that the stolen data now for sale was publicly available shouldn’t ease anyone’s fears: This data can still be misused to jeopardize users’ security and privacy. In particular, the stolen data contains names, email addresses, locations, gender, phone numbers, and Facebook User ID information. Attackers may use readily available information to hack into your account. A single piece of that data might reveal password challenge answers, allow them to steal one-time login codes, phish for personal information, and more.
Facebook spokesperson claims the firm sent a takedown request
There have been some doubts about the seller’s and data’s legitimacy, with one potential buyer claiming they paid the user but never received any data. The allegations were denied by the seller, but as of October 6, the post had been removed, with a Facebook spokesperson claiming that the firm sent a takedown request.
While the risk of this data set being utilized may have decreased owing to its removal from this particular forum, it’s unknown if it will be re-posted elsewhere or how many purchasers may already have acquired some of it. There are almost three billion users on Facebook, which implies that data about up to half of them may be in the hands of bad actors.
The data, according to Privacy Affairs, appears to be genuine in the samples provided on the forums. The seller claims that their company has been in operation for at least the past four years and has served over 18,000 customers during that period. The data didn’t match any known Facebook leaks, which Privacy Affairs said might indicate that the information is all new and genuine.
The data exposed in this leak, if authentic, “may constitute one of the biggest and most significant Facebook data dumps to date,” Privacy Affairs founder and CEO Miklos Zoltan said.
Scraping: A dangerously simple way to compromise privacy
A bot can collect anything that is publicly available and store it in a database, spreadsheet, or another file. That’s not the only tool attackers use, though: They also use Facebook quizzes like “Which character from X show are you?” in order to harvest data.
“Every time someone enters one of these surveys or quizzes, they permit the creators of these games to view their personal Facebook information such as full name, email, phone number, location, gender, and more,” said Zoltan.
Scraping only needs data to be accessible, so Facebook users should make sure their profiles are never made public. It’s also a good idea to go through a Facebook privacy checkup to be sure there are no errant bits of data sneaking out from places you thought were secure.
Never give Facebook quizzes or any of its applications access to your personal information. Only use surveys, games, and quizzes from known trustworthy sources.
If your information has already been scraped, it’s too late to do anything about it; but you can secure your account now to prevent future data from being stolen.