In a shocking turn of events, a ton of user data that had been stolen from Facebook in 2019 has resurfaced. And this time, it's available to just about anyone with rudimentary data skills.
Half a Billion Facebook Users' Data Reemerges Online
On Saturday, the personal data of 533 million Facebook accounts was released online for free on a low-level hacking forum.
According the the Business Insider, the leak includes users' full names, phone numbers, Facebook IDs, locations, birth dates, and bios. In some cases, e-mail addresses were provided as well.
All 533,000,000 Facebook records were just leaked for free.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
"Bad actors will certainly use the information for social engineering, scamming, hacking and marketing," tweets cybercrime investigator Alon Gal.
Previously, this information was sold in obscure corners of the internet between malicious hackers. A Facebook spokesperson told Fortune, "This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019."
Even though that's true, it's incredibly concerning that Facebook doesn't seem to be trying to stop the spread. When the leak originally took place, the company admitted that its technology was flawed—hence the data breach—but that wasn't good enough for much of the community.
Especially since the 2019 Facebook leak is considered by many as one of the worst data breaches of all time.
People are demanding an official statement from Facebook concerning their security. You can easily change your password or your phone number, but things like your full name, date of birth, and exact location are private information.
The mere addition of Facebook support for physical two-factor authentication keys isn't going to cut it anymore.
Facebook's Dicey Cybersecurity History
It isn't new for Facebook to be making headlines for its poor security, though typically the issues don't affect as many people as the breach in question. Gal's tweets detail a leak that affects almost a fifth of Facebook's userbase of 2.7 billion people.
In 2018, an unknown party or parties accessed around 50 million Facebook accounts by exploiting a vulnerability in the site's code. That same year, a bug was found to give third-party apps unwanted access to photos they didn't have permission to view.
Does this mean all of Facebook's efforts to strengthen its security are futile? We don't think so. Facebook Protect, for instance, is a good thing that should soon expand to everyone instead of just political figures, journalists, celebrities, etc.
But, there needs to be just as much effort in ensuring that leaks don't keep coming back as there is in stopping them from happening in the first place.