On Saturday, the personal data of over 533 million Facebook users were published in an online forum used by cybercriminals.
“The exposed data includes personal information of over 533 million Facebook users from 106 countries. Including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and – in some cases – email addresses.” According to Business Insider.
It’s not clear how many users in Africa were affected. Over 14 million South Africans had their Facebook data leaked according to an analysis by privacy protection company Surfshark. The last time a data breach happened was in 2018, 96,134 South African users were affected by the Cambridge Analytica data breach.
This information shared online is from the same pool that people could pay for portions of using a Telegram bot, which was reported on in January. Facebook’s initial response was that the data was originally scrapped due to a vulnerability that Facebook reportedly fixed in 2019, but some experts disagree.
According to Alon Gal, CTO of a cybercrime intelligence firm, who first discovered the entire trough of leaked data online on Saturday, the compromised data could provide valuable information to cybercriminals who use people’s personal details to impersonate or scam them into handing over login credentials.
What’s Facebook doing about it?
Considering the fact that Facebook has fixed the vulnerability, there’s not much the social network conglomerate can do to help affected users– since their data is already out in the open. Gal advised that Facebook should notify users to remain vigilant for impersonation schemes or fraud involving their personal data.
What can you do?
Check if you’re compromised: The first step is to find out whether your data is involved. A popular site that allows you to run a quick check is Have I Been Pwned. Have I Been Pwned will confirm if your email or phone number has been involved in this Facebook data breach or any other data breach.
Rethink how much information you share: It’s inevitable: you have to share some information with Facebook, and any other social media site, in exchange for its services. But now more than ever, it’s important to reconsider how much personal information you unwittingly share online.
Also, while it might be easier to use Facebook to automatically sign in to other accounts, if your Facebook account is compromised, a cybercriminal could have automatic access to websites linked to your Facebook account.
Use strong passwords: “qwerty”, “password”, “123456” were some of the most popular passwords used in 2020 and 2019. Even though remembering highly secure passwords is a difficult feat, it’s safer to create different passwords for your favourite sites; or better still use a password manager. While it won’t stop your data from ever being stolen, if your password for a site is leaked it will only work for that one site.
This incident brings up the conversation of data privacy and why it’s important to pay attention to who has access to your personal data.
*Story updated to include the number of South Africans whose Facebook data was leaked.