Cyber Security: Facebook breach

It feels like Facebook is a repeat offender when it comes to cyber security issues; they've had multiple breaches over the years.

In April of 2021, it came out that 533 million Facebook user details had been leaked. 

The details included names, dates of birth, locations, email addresses and phone numbers. 

Facebook disclosed that the data breach that led to this leak happened in 2019, saying that they had resolved the issue at the time. 

The breach wasn’t made public when it occurred and no users were notified that their information had been stolen. 

The stolen data was posted the next year on a hacking forum for free, so it was unknown who had access to the leak.

Millions of Facebook user details

It also became apparent that the data had been sorted and posted in a way intended to make it more accessible and understandable for hackers to take and exploit.

The stolen data was discovered by a cybercrime intelligence firm called Hudson Rock. 

Originally, the leak was posted on a forum, where a hacker was advertising a hacking bot that would provide phone numbers of Facebook users to anyone who paid.

It was confirmed by Motherboard that this bot did exist and that the data was legitimate. 

Months later, this data was leaked for free, giving any hacker on the forum access to millions of Facebook user details.

Was it deceptive of Facebook?

The vulnerability that led to this attack was discovered in 2019 and resolved, as Facebook said.

The vulnerability allowed phone numbers to be scraped from the Facebook servers. 

Even though the vulnerability was patched, the issue was that Facebook did not make any of its users aware of the breach. If they had, they could have issued a warning on how to check if your data was leaked, how to avoid scams and what to look out for. 

Instead, they moved on silently. Even though this wasn’t breaking any laws, it was brought up as an ethical failure on Facebook’s part. 

Alon Gal, the chief technology officer at Hudson Rock, stated: “Individuals signing up to a reputable company like Facebook are trusting them with their data, and Facebook [is] supposed to treat the data with utmost respect.

“Users having their personal information leaked is a huge breach of trust and should be handled accordingly.” 

Overall, the vulnerability was solved quickly after it was discovered, meaning that there was nothing Facebook could have done to resolve the breach after it occurred. 

No laws were broken and there would be no punishment, but this data breach did bring up a few questions. 

Should there be laws on informing users if their data has appeared in a leak? 

Was it deceptive of Facebook to have not disclosed the breach to its users? 

Can we trust companies like Facebook with our personal information? 

Keeping your data safe

How this breach occurred and how it was handled afterwards offers a lot of information that can be taken into account while answering those questions. 

Keeping your data safe should always be the priority. 
