This April, millions of Facebook users’ personal information was uploaded to a public database by hackers…
Over 533 million Facebook users were affected. The data includes cellphone numbers, Facebook ID, bios, locations, birthdays and relationship statuses. The database encompasses around 20% of Facebook’s subscribers according to experts.
The leaked data is a security concern for many, who may become targets of cybercrime now that their personal information has been revealed. Alexander Moiseev, Chief Business Officer at Kaspersky says IT security is the biggest concern for about 59% of organisations around the world.
He says last year alone, at least every second organisation, around 46%, experienced data breaches as a result of different cybersecurity incidents.
“For users, this means we have to be very vigilant. Though we may be accustomed to leaving different information about ourselves on the Internet, we still need to control what we really want to make public and what we don’t. That’s why it is important to understand how our data can be used if it appears in the wrong hands – for phishing, social engineering or account takeovers,” says Moiseev.
Was South Africa affected?
According to Business Insider, South Africa is not listed as directly affected, but some IDs under the Africa section have been linked to South Africans.
Alon Gal, CTO of cybercrime intelligence firm Hudson Rock first discovered the leak in January when the information was offered at a substantial fee. However, the data was subsequently made available online for free.
In early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information 533m users across all countries.
It was severely under-reported and today the database became much more worrisome 1/2 pic.twitter.com/ryQ5HuF1Cm
— Alon Gal (Under the Breach) (@UnderTheBreach) January 14, 2021
How did Facebook respond?
According to a blog post by Facebook’s Mike Clark, the data was ‘scraped’ from the Facebook system in September 2019. When the company noticed the security issue that allowed for this to happen, they implemented measures to prevent it in future.
“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” said Clark.
He explained that it was obtained through a feature they had for users to find each other via their phone number – but this feature no longer exists due to scraping of their servers by malicious parties, but they have done everything possible since then to protect user information.
While the data may have been previously scraped, the “where” and “how” its being made available now is very significant as this particular hacking forum links all that data together and ties it neatly to each victim giving a complete data set profile to cyber criminals on a silver platter.
Dmitry Galov, security expert at Kaspersky has warned people not to over-share online, “To protect your personal information online, the best thing you can do is limit the types of information you share on social media platforms. Kaspersky’s free Privacy Checker tool can help you configure your social media accounts’ privacy settings to provide the appropriate level of security.”
How to check if you have been compromised
There are a few sites you can use to check if your information was compromised in any online data breaches.
Go to Have I Been Pwned, and enter your phone number or email address to find out if your data has been stolen.
Make sure to change your passwords and check your security settings on your social media profiles.