Facebook data leak

Personal information from over a half billion compromised Facebook accounts was recently offered for sale on a Dark Web forum.

Retailing for less than three dollars a pop, the information on offer includes full names, birthdays, phone numbers, geographic locations, and in some cases, email addresses. A site vulnerability in 2019 seems to be how the information went walkabout according to reports.

While the scraped data doesn’t contain extremely sensitive information like passwords or Social Security numbers, any scammer worth their horrible karma would have no problem using the information that was leaked to launch a clicky phishing attack as well as other social engineering scams, which often incorporate personal data to gain a target’s trust or trigger a quick-click response.

This compromise dwarfs the Cambridge Analytica scandal, where the information of 87 million users was misappropriated.

If you have a Facebook account, check to see if your information was included in the leak. Haveibeenpwned.com has the database among other similar site. Bear in mind, the available information only applies to the 2.5 million leaked accounts that included email addresses. You may still be affected even if you do not find your information on these lists.

The bottom line: Follow basic data hygiene measures. Use two-factor authentication whenever it’s available and be wary of incoming emails, texts, and phone calls.

Takeaways:

  • Given the size of the data leak, Facebook users should assume that their personal information was included and take necessary precautions.
  • The personal information included in the leak can be used in social engineering and phishing campaigns.
  • Online accounts should be protected with common sense security measures including 2-factor authentication and unique, strong passwords.