
533 million data points published online on the “clean web”. The Data Leak that can cost Mark Zuckerberg dearly.

A database already stolen from Facebook in 2019. Among the names is also that of the founder of the social network.

What happened?

On April 3, a Facebook data leak was disclosed: a database of 500 million pieces of information divided by country, with 106 countries involved and more than 90% of the social network’s users: 32 million in the US, 11 million in the UK and 6 million in India.

Italy is among the most affected countries: more than 36 million subjects appear in the data. Phone numbers, first and last names, relationship statuses, movements and personal passwords of over 36 million Italians have been hacked, along with more than 400 thousand email addresses. Among the victims of this attack is reportedly Mark Zuckerberg himself, founder of Facebook.

It was Alon Gal, chief technology officer of the cybercrime company Hudson Rock, who discovered the data leak. The same expert believes that the republication is linked to someone’s sale of data.

Have I been hacked?

The database of information had already been leaked from Facebook in 2019, and just a week ago someone posted the sensitive data of half a million people online.

A few hours after the news broke, users of the social network were curious to find out if their name or phone number was also included in the data set.

Numerous sites have sprung up that let you find out whether your name or e-mail address is among the records of the stolen database, including “haveibeenpwned”. Just enter your surname, email or mobile phone number to find out how many times the individual data has been hacked.

Most of the users on the platform have been victims of this breach, which is why the Guarantor for the protection of personal data has warned those involved of possible future hacker attacks.

“The Authority reminds all users affected by the breach of the need to pay particular attention in the coming weeks to any anomalies related to their telephone line, such as, for example, the sudden absence of reception in places where the mobile phone normally has good reception. Such an event could be a sign that a criminal has taken possession of our phone number to use it for fraudulent purposes.”

The concern of the Privacy Guarantor is mainly linked to “SIM swap fraud”, i.e. the cloning of the SIM cards of the subjects present in the database. Another risk is that mobile numbers are often the only authentication mechanism used for the “password change” operations of accounts.

Is LinkedIn also in the crosshairs of hackers?

The business social network is the victim of another data breach. In this case, however, the data seems to be different. According to Cybernews, an archive containing data allegedly scraped from 500 million LinkedIn profiles has been put up for sale on a popular hacker forum, with another 2 million records leaked as sample evidence by the author of the post. But LinkedIn immediately responded to the accusations with an official statement, in which it specifies:

“We looked at an alleged set of LinkedIn data that was posted for sale and determined that it is actually an aggregation of data from numerous websites and companies. This was not a LinkedIn data breach, and in what we were able to look at, a private member’s account data from LinkedIn was not included.”

Where does the data come from?

According to the official press release published by Facebook, the problem appears to be related to the address book API, a function (disabled in August 2019) that allowed the contacts in the phone book to be synchronized with Facebook contacts.

This feature is designed to help people easily find their friends to connect with on our services using their contact lists.

… Through the previous functionality, they were able to query a number of user profiles and get a limited set of information about those users included in their public profiles. The information did not include financial information, health information, or passwords.

How to defend yourself now?

The alarm bells continue to ring, our data is increasingly exposed and we are less and less protected.

How to prevent it from happening again? How to protect our data?

Do you already have a plan to prevent a data leak in your company?

Carrying out a Vulnerability Assessment allows us to find out if our company or website has vulnerabilities that could put our precious information assets at risk of cyber attack.

Author

Maria Grazia
