KOLKATA: Social media giant Facebook has become embroiled in yet another privacy breach controversy, as the personal data of around 53.3 crore users has been allegedly leaked. The breach includes data of 60 lakh users in India as well.
According to reports, phone numbers, Facebook IDs and bios, full names, birth dates, locations, even email addresses in some cases have been exposed. “A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” said cybercrime intelligence firm Hudson Rock CTO Alon Gal, who spotted the leak on Saturday.
Facebook claimed in an email statement that this is old data that was previously reported on in 2019 and the issue has already been fixed. However, the company has not taken any steps yet to notify users if their data has been compromised. Even if the data is outdated, it could provide valuable information to cybercriminals. Moreover, a lot of old data may remain relevant given that many of the phone numbers or email ids associated with the account could be the same as earlier.
In January, a user in a hacking forum advertised an automated bot that sold phone numbers of millions of Facebook users. Now the entire dataset has been posted online for free on low level hacking forums making users more vulnerable to cybercrimes.
Facebook has been grappling with data security issues for years. In 2018, the platform disabled a feature that allowed users to search for one another via phone number following revelations that the political firm Cambridge Analytica had accessed information on up to 87 million Facebook users without their knowledge or consent.
In December 2019, a Ukrainian security researcher reported finding a database with the names, phone numbers and unique user IDs of more than 267 million Facebook users — nearly all US-based — on the open internet. It is unclear if the current data dump is related to this database.