NATIONAL NEWS - The personal details of 533 313 128 Facebook users, such as a member’s mobile number, Facebook ID, name, gender, location, relationship status, occupation, date of birth, and email addresses, have been released on a hacker forum.
According to BleepingComputer, the data first appeared in a hacking community in June 2020 when a member began selling the Facebook data to other members.
“What made this leak stand out was that it contained member information that can be scraped from public profiles and private mobile numbers associated with the accounts,” they said.
On Saturday, 3 April, the same Facebook data was released for free on the same hacker forum for eight site ‘credits’, a form of currency on the hacker forum, equal to approximately $2.19, according to BleepingComputer.
“While data breaches are initially sold in private sales for a high price, it is common for them to be sold for lower and lower prices until they are eventually released for free as a way of earning reputation within the hacker community,” they explained.
Mike Clark, Product Management Director at Facebook, responded to the breach in a post on their site.
“We have teams dedicated to addressing these kinds of issues and understand the impact they can have on the people who use our services. It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” Clark said.
Clark added that scraping is a common tactic that often relies on automated software to lift public information from the internet that “can end up being distributed in online forums like this”.
“The methods used to obtain this data set were previously reported in 2019. This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services,” he explained.
He reiterated that Facebook is “focused on protecting people’s data” by working to get this data set taken down.
“We will continue to aggressively go after malicious actors who misuse our tools wherever possible. While we cannot always prevent data sets like these from recirculating or new ones from appearing, we have a dedicated team focused on this work,” he concluded.
BleepingComputer shared the top 20 geographic locations where members were exposed, as described by the threat actor:
The website Have I Been Pwned (HIBP), a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach, has provided users with an easy way to check if their phone number or email has been breached.
Simply visit their website at https://haveibeenpwned.com/, enter your phone number or email address, and see if your data has been breached.