533 million Facebook users' personal data have been leaked online

"533 million Facebook users' phone numbers and personal data have been leaked online...

A user in a low level hacking forum has published the phone numbers and personal data of hundreds of millions of Facebook users for free online.

The data includes phone numbers, full names, location, email address, and biographical information...

The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses..."

https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4

 

Huge leak. It will probably lead to some financial punishment. I wonder if data from EU users also leaked online. Article did not mention that, but with that large number of account I doubt that at least some of data was not from EU as well.

 

Data from millions of users in 10 EU member nations was included in the leak.

Full list of affected users by country:

https://twitter.com/UnderTheBreach/status/1349674272227266563

 

If I understand correctly data was harvested from Facebook in first half of 2020, but was not free. It was expensive and hard to find. Now all records are leaked for free.

 

Now I know why I would never have and never will have a Facebook Account.

 

So how to find out if you are part of this leak? I don't have Facebook but I do have family members that are.

 

"...The intruders reportedly took advantage of a flaw that Facebook fixed in August 2019 and reportedly includes information from before that fix..."

https://www.engadget.com/facebook-533-million-user-personal-data-leak-180156777.html

 

“...'This is old data that was previously reported on in 2019,' a Facebook spokesperson wrote in an email statement. 'We found and fixed this issue in August 2019.'...”

https://www.bloomberg.com/news/arti...-on-533-million-users-leaked-business-insider

 

A 2019 report on the original leak:

"More than 540 million records about Facebook users were publicly exposed on Amazon's cloud computing service, according to a cybersecurity research firm.

A report out Wednesday by UpGuard said two third-party Facebook app developers posted the records in plain sight, causing yet another major data breach for the world's biggest social network..."

https://www.cbsnews.com/news/millions-facebook-user-records-exposed-amazon-cloud-server/

 

The fine will be the same as a penny to me. Facebook usage will continue to grow. No new substantial & ongoing security measures will be taken.

Everything remains the same.



Oh yeah ha ha.

 

"Mark Zuckerberg's cell phone number is among the leaked personal data from 533 MILLION Facebook users released by hackers...

Facebook CEO Mark Zuckerberg's cell phone number is among the leaked personal data from 553 million users of the site posted online by hackers.

Zuckerberg's name, location and marriage information, date of birth and Facebook user ID were among the trove of stolen personal data published on a hacker forum on Saturday, cyber researcher Dave Walker confirmed.

Facebook co-founders Chris Hughes and Dustin Moskovitz also had similar personal details included in the leaked data..."

https://www.dailymail.co.uk/news/ar...ivate-details-500-million-Facebook-users.html

 

Just validates my theory that everything will eventually be hacked, your bank, your credit card, the IRS, your ISP, Amazon, etc. Just a matter of time, me, I'm not worried, with billions of accounts etc. leaked the chances are that mine will ever be accessed is very slim.

 

- Luckily I gave some fake personal information (except my emailadress) to Facebook when I registered with Facebook. I already knew Facebook would use my personal data to sell advertisements and use for other nefarious purposes.

 

Attacks can be automated to reach masses, especially mail-based phishing and spam.
It is worth to assume every account can be hacked (but may not) and take steps to minimize, contain damage - have unique password for every account, even better unique e-mail alias for every one of them and minimize sending other personal data.

I do created different e-mail account (not only alias - just different e-mail account) for Facebook and used fake name. IIUC Facebook minimize use of phone number if one use e-mail as account identifier and phone number was only entered as 2FA measure. If you register an account on Facebook use different e-mail account or an alias. If you want to use sms-based 2FA then enter phone number for and only for 2FA purposes. Do not enter phone number in your Facebook profile!
Actually this leak may confirm or deny claim Facebook uses phone numbers entered for 2FA only for that purpose.

 

I'm not worried either, but it would never occur to me to create a Facebook account.

 

How to check if your info was exposed in the Facebook data leak

https://www.bleepingcomputer.com/ne...r-info-was-exposed-in-the-facebook-data-leak/

 

Ditto.

 

Since this is Facebook you probably don’t even have to have an account with them to be affected by this leak...

What if your info is in the address book of a family member, colleague, friend, ... who does use Facebook?

 

WoW! Good Point.

 

"Facebook leak: Irish regulator probes 'old' data dump...

Ireland's Data Protection Commission (DPC) said it is looking into a data dump of personal information from hundreds of millions of Facebook users...

Ireland's regulator is critical to such investigations, as Facebook's European headquarters is in Dublin, making it an important regulator for the EU...

The DPC's deputy commissioner Graham Doyle said the recent data dump 'appears to be' from the previous leak - and that the data-scraping behind it had happened before the EU's GDPR privacy legislation was in effect.

'However, following this weekend's media reporting we are examining the matter to establish whether the dataset referred to is indeed the same as that reported in 2019,' he added..."

https://www.bbc.com/news/technology-56639081

 

We can also check if our phone numbers were leaked here: https://haveibeenfacebooked.com/

 

Nah, leaked data was accessed from Facebook profiles including private profiles (hidden by privacy settings). Not from data collected from contact books.