Earlier this month, it was discovered that the data of approximately 533 million Facebook users had been circulating publicly on the Internet after a data leak. The data included profile names, Facebook ID numbers, email addresses and phone numbers, which admittedly could have already been leaked or scraped from another source. However, the leak is another resource that ties together the information of each victim, presenting scammers or hackers with a clean profile of the victims.
As it turns out, this data leak was facilitated by a flaw in Facebook’s address book contacts import feature, which the attackers exploited. Facebook has stated that this vulnerability was patched back in August 2019, but it is unknown how many times the bug was exploited before then.
How to check if you were exposed
The best way to check whether your phone number or email address has been compromised is to use the breach tracking site HaveIBeenPwned. If the site says that your information has been affected, then changing passwords would be a logical first step.
This is not the first time this has happened with Facebook – several years ago they had the same issue when fixing Instagram’s contacts importer. The real panic stems more from the way that Facebook’s management has been handling these leak situations. They tend to remain quiet for some time after being notified that a potential breach may have occurred. In this particular breach, with 533 million accounts exposed, Facebook hasn’t even notified its affected users whether the issue has been fixed, or how to move ahead after such an incident.
Dealing with breaches is a very scary process, and one that shouldn’t be taken lightly. Even if no passwords or usernames were leaked, it is still very alarming, as phone numbers are also very critical primary keys to users’ data. This is because phone numbers are commonly used to authenticate users on apps and platforms.
For more information on how to protect, mitigate and bounce back from a cyber-attack, contact us at Agilient.