What’s unique about leak of 533 million Facebook accounts, how are Indian users affected and should you also be worried
Earlier this year, it emerged that personal information of over 533 million Facebook users from 106 countries had been leaked online. In January, Alon Gal, CTO of cyber intelligence firm Hudson Rock, first reported that a Telegram bot was being used to sell phone numbers for free.
The bot was using a vulnerability in a Facebook feature which allowed phone numbers linked to every account to be accessed for free.
This is not the first time that a data leak from Facebook has been reported — there have been numerous such instances in the past, with the most controversial among them in recent memory being the Cambridge Analytica scandal in 2018 when it was reported that a political consulting and strategic communications firm had collected personal information of around 87 million people through a personality quiz app that many had accessed through Facebook.
So, why is this data breach making news? What is unique about it and what are the potential implications? We explain.
What is the nature of the data that was compromised and how was it leaked?
The leaked data comprises personal information such as names, Facebook ID, addresses, phone numbers, email addresses, names of workplaces, date of birth, date of account creation, relationship status and bio. The data set did not include any financial information or passwords.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
The data was obtained through scraping whereby all the information was extracted by exploiting a vulnerability in Facebook’s contact importer feature.
Mike Clark, Product Management Director at Facebook, has stated in a blog post that the data was not stolen by hacking into its system but by scraping its platform.
As the blog post states, scraping is a common tactic that often relies on automated software to lift public information from the internet. While…