On 2 April 2021, the data of around 533 million Facebook users was leaked on a low-level hacking forum. The published information includes phone numbers and personal data. The data was uploaded for free to low-level hacking forums.
The data breach was found by Alon Gal, the co-founder and Chief Technical Officer of Hudson Bay, a cybersecurity firm. He found the cache of leaked data online on 3 April 2021.
According to Alon Gal, the leak covers all your details on Facebook, including your name, occupation, gender, marital status, relationship status, the date you joined Facebook, the place where you work, the date you started your job, your Facebook bio, etc. He said that in some cases even your email IDs and phone numbers would have been leaked on the internet.
It is said that the exposed data includes the personal information of 533 million users across 106 countries. It is estimated that the personal information of 36 million users was leaked from the U.S., 11 million from the U.K., around 6 million from India, 8 million from Brazil, 3.8 million from Bangladesh, 1.2 million from Australia, etc.
These are some of the major countries whose users' data has been released on the internet.
Previous Data Breach of Facebook
This is not the first time data from Facebook has been leaked on the internet. In 2019 the same data, the data of 419 million users, was leaked. It was being sold on Telegram, an instant messaging platform, for a fee of $20 per search.
Similarly, the data was leaked in June 2020 as well. Now the data has been leaked again, and this time anyone who wants the data can access it for free from low-level hacking forums. It is easily accessible to any individual who can misuse it.
Alon Gal has said that he discovered the leaked data for the first time in January 2021, through a hacking-forum advertisement for an automated bot. The automated bot could provide phone numbers for hundreds of millions of Facebook users in return for a particular amount of money.
Motherboard reported on the bot's existence at the time and also verified that the data was legitimate. Gal added that if you have a Facebook account, it is extremely likely that the phone number you used for your account was leaked online. Cyber researcher Dave Walker confirmed that Mark Zuckerberg's data was also leaked, which revealed that he uses Signal, a competitor's messaging app.
Various possibilities to misuse the data
The leaked data is easily accessible to anybody on the internet. It can be used against individuals for various cybercrimes. The details can also be exploited by advertisers to push targeted advertisements to their customers.
The data can also be used by hackers to perform hacking attempts or social engineering attacks. In simple terms, they can use your data to hack your social media profiles. Even an individual with basic or underdeveloped data skills can use the leaked data to commit certain cybercrimes.
In 2018, it was said that a political firm called Cambridge Analytica had mined the data from 50 million Facebook profiles. The firm gathered the data and later used it to help political candidates from across the globe with their targeting and to help them win elections. This was also covered in a Netflix documentary, The Great Hack.
This came to light after the 2016 U.S. presidential election and the Brexit referendum.
According to Alon Gal, the leaked data could provide valuable information to cybercriminals who use people's information to scam them or to trick them, through impersonation, into handing over their login credentials.
He also said that the huge amount of information and the phone numbers leaked on the internet will lead certain bad actors to easily take advantage of the data.
Legal Solution in India
India is yet to have a strict data protection regulation. Several countries in the West have data protection regulations. In India, a bill named the Personal Data Protection Bill is yet to be passed in the Lok Sabha. It has been pending since 2019.
The bill is said to contain certain provisions regarding the breach of personal data. However, one can rely on sections 43A and 72A of the Information Technology Act of 2000. The Act provides for compensation in the case of improper disclosure of personal information.
From a security point of view, there is not much Facebook can do about the data leak, since the data is already on the internet and users have already been affected, said Alon Gal.
How did Facebook leak data?
The recent data breach is believed to relate to a vulnerability that Facebook reportedly fixed in August 2019, although the exact source of the data can't be verified.
How to check if your Facebook data was leaked?
haveibeenpwned.com is a site developed by Australian web-security consultant Troy Hunt, where you can enter your phone number or email address and see the result.
How does Facebook make money from data?
Facebook makes most of its money by serving ads on the social media and messaging platforms it owns — Facebook, Messenger, Instagram, and WhatsApp. Advertisers pay Facebook to make their ads visible to people.
Alon Gal added that what Facebook could possibly do is notify users, so that they can stay cautious about phishing schemes or frauds that use their personal data.