The unsecured database was made available for download last week on an online hacker forum belonging to a crime group. Comparitech initially shared reports of the breach.
Facebook data breach: Here’s what we know
According to Comparitech, the breach was spotted by security researcher Bob Diachenko, who uncovered that the database – containing users’ names, user IDs and phone numbers – was openly accessible
Following the reports, Facebook said in a statement to AFP that they are “looking into the issue”. A Facebook spokesperson explained:
“We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people’s information.”
Facebook paid a record $5 billion penalty early this year in a settlement with the regulator over mishandling users’ private data. In another incident, a Facebook bug could open the iPhone camera without permission.
Facebook’s data exposure threat
The leaked data could be used in a number of ways, such as SIM hi-jacking; when a hacker performs an unauthorised sim swap on an existing number to gain access to the information linked to it.
It’s possible that the users whose data was contained in the database could see an uptick in spam calls and SMS phishing attempts in the following days.
Scraping, an illegal act, could be a possible explanation for how this data was stolen. Scraping involves deploying bots to obtain data from publicly available Facebook profiles.
However, Tom’s Guide pointed out that Facebook tightened its access in April 2018, after the Cambridge Analytica scandal broke in March. It is therefore not so easy to ‘scrape’ Facebook anymore.
What can you do?
South Africans are hopefully not affected by this, as most of the data seems to contain the details of US citizens. However, there’s not really much you can do after the fact.
In addition, you can also secure your account by going to your Facebook settings by clicking the dropdown arrow at the top right of your desktop browser, and select Privacy.
Take these steps to secure your account
Go to Privacy Settings and Tools, and secure your account by restricting all available options to “Friends”, if it’s not set to that already. If “Everyone” is selected, then everyone on the world wide web can view your posts and information.
Of course, there are other measures you can, and should, take to keep your information secure, such as controlling third party app logins and setting up two-factor authentication.
Furthermore, parents ought to take additional measure to ensure their children’s safety when it comes to using Facebook and Instagram apps. Read more here.