What Was the Real Cause of Facebook’s Data Leak?

Share post:

A very large trove of Facebook data has circulated publicly, revealing information from roughly 533 million Facebook users which include profile names, Facebook ID numbers, email addresses, and phone numbers. 

Facebook, explaining in its Tuesday blog, said that the data hack was made possible after an attacker exploited a flaw in a Facebook address book contacts import feature. The social media giant said it had patched the vulnerability in August 2019 but remains unclear as to how many times the bug was exploited before then.  High profile victims of the hack included Facebook creator Mark Zuckerberg, US Transportation secretary Pete Buttigieg, and European Union Data Protection Commissioner Didier Reynders.

Data sets being sold in criminal forums  are often mashed together and are recombined. However, based on Facebook’s comment in 2019, it seems that the current circulating data is different from the one in 2019 as both troves have different attributes and numbers of users affected per region.   

Facebook claimed that it did not notify users about the 2019 incident because there were so many troves of semi public user data – taken from Facebook and other companies – out in the open. Attackers needed to supply phone numbers and manipulate the feature to reveal the corresponding name and other data associated for the breach to work, to which Facebook argues that it did not expose the phone numbers itself. The company is quick to draw a distinction between exploiting a weakness in a legitimate feature for mass scraping and finding a flaw in its systems to grab data from the backend. 

However, for those affected, the distinction bears no difference. 

The hacking of Facebook user phone numbers has been a cause of concern in the last several years and the social media giant has done a wobbly job to protect their users’ phone numbers. It fixed vulnerabilities in 2013 and 2017, and disabled a feature that allowed users to search for other people on Facebook using their phone number in 2018. 

Moreover, the social media giant reached a landmark settlement with the FTC in 2019 over a massive number of data privacy failures. The $5 billion fine indemnified Facebook for all activity and data privacy failures before June 12, 2019.

You can check whether your phone number or email address were exposed in the leak by checking the breach tracking site <a href=”https://haveibeenpwned.com/”>HaveIBeenPwned</a>.

For more information, you may view the original story from Wired.com

Featured Tech Jobs


Related articles

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways