Cyber agency CERT-In asks Indian FB users to enhance account privacy
Country’s cyber security agency CERT-In has advised Facebook users to strengthen their account privacy settings after a recent global ‘data scraping’ incident in the social media platform was detected that affected about 61 lakh Indians.
“As the Facebook platform evolves and grows, parts of your account could be public. Data could also be collected and shared in ways you don’t know about,” the Indian Computer Emergency Response Team or CERT-In said in a public advisory issued on Monday.
It is the federal technology arm to combat cyber attacks and guard the Indian cyber space against phishing and hacking assaults and similar online attacks.
“It has been reported that globally there has been a large scale leakage of Facebook profile information. The exposed information includes email addresses, profile ID, full name, job occupation, phone numbers and birth date.
“According to Facebook, the scraped information does not include financial information, health information or passwords, however information from more than 450 million unique Facebook profiles globally, including approximately 61 lakh Indian individuals, has been made publicly available in multiple cyber criminal forums for free,” the advisory said while explaining the breach.
A cyber security expert had spoken about this online leak earlier this month, which was acknowledged by the company, stating that “this is old data that was previously reported on in 2019. We found and fixed this issue in August 2019”.
The CERT-In said that Facebook has claimed that this ‘data scraping’ happened by using the “contact importer” feature of the platform, which allows users to find other users by using their phone numbers.
“Facebook stated that this feature was changed in September 2019, following the discovery that threat actors were abusing the feature.
“However, while Facebook modified the feature in 2019 to thwart this kind of abuse, the phone numbers of 450 million global users had already been harvested by malicious actors, along with other identifying information on users,” it said.
Dejargonising the term ‘data scraping’, the advisory said it…