Personal information on hundreds of millions of Facebook users, including names, birth dates, locations, phone numbers and in some cases, email addresses was leaked online on Saturday on a hacking forum. The leaked data belongs to 533 million users from 106 countries, including over 32 million records on users in the US and 11 million on users in the UK.
A Facebook spokesperson tweeted that the data was from a leak that occured back in 2019.
“This is old data that was previously reported on in 2019,” Facebook spokesperson Liz Bourgeois said. “We found and fixed this issue in August 2019.”
However, cybercriminals will definitely use this information for social engineering, scamming, hacking or even marketing.
In 2019, security researchers found more than 540 million Facebook user records in a public database on Amazon’s cloud servers. In the same year, TechCrunch revealed information about a server that contained several databases with more than 419 million Facebook records from users in the US, UK and Vietnam.
Data breach service „Have I Been Pwned” can be used to check if your information was included as part of the dataset. The website owner is still considering if they should make the leaked phone numbers available through the service.
If your email address was breached, change your password for that account, and set up two-factor authentication where possible. If you find out your password itself was compromised, you can no longer use that password, and should immediately change your passwords on all affected accounts. We recommend to use a password manager, there are both free and paid solutions available.
A good security practice is, in general, to keep the data that you share on social media to a minimum. The moment you choose to share your information, keep in mind that it’s being stored on someone else’s server and can always get breached. Never expose sensitive information such Identity Documents (birth certificate, driver’s license, ID card, passport etc) or your Social Security Number. In case such information got exposed, you need to reach out immediately to the responsible institution, to report the incident, and to file for new personal identity documents.
Read more about Enea’s Cybersecurity Services here.