After the information of 533 million Facebook users was exposed to hackers, the company has tried to reassure users, saying that the data was leaked years ago and has since been protected.
But experts say the problem remains serious, whether it happened in 2021 or years earlier, largely due to the nature of the leaked data.
The dataset, first reported by Business Insider, contained information for 106 countries, including phone numbers, Facebook IDs, full names, locations, dates of birth, and email addresses.
Even if it doesn’t include passwords, the data is important because those identifiers don’t change frequently, said Rob Shavell, CEO of DeleteMe, a personal data protection tool.
“Even if the data is old, it is never really old because it will always be useful to data brokers,” he said. “It helps them correlate related information that is new and feed it into these profiles, which they sell online for just 99 cents.”
That the leak dates back to 2019 may work to Facebook’s detriment – under some privacy regulations, including Europe’s GDPR, that means the company should have alerted users based on privacy-related reporting requirements. Ireland’s Data Protection Commission announced Tuesday that it was investigating the breach to see if it violated any rules.
“The DPC attempted over the weekend to establish all the facts and continues to do so,” it said in a statement. “It did not receive any proactive communication from Facebook.”
The data likely changed hands many times, said Ivan Righi, a cyber threat intelligence analyst at the San Francisco cybersecurity firm Digital Shadows. He said it appeared that the data had initially been listed at a relatively high price, limiting the number of hackers who were willing to buy.
“The infringement was probably sold multiple times since then until the price dropped enough that a user decided to expose it publicly to generate a small profit and increase reputation,” he said, adding that this behavior was common for hackers. “While the data may be old, it is still very valuable to cybercriminals.”
Leaked Facebook data can be used in combination with existing user data online to hack accounts, including bank accounts and others that require two-factor authentication – sending a confirmation code to a phone number to verify a person’s identity. Phone number leaks can also be problematic amid the meteoric rise in robocalls in recent years.
“Forget being hacked, it’s annoying constantly getting spam calls,” Shavell said. “Data breach, whether old or not, is another way that spammers get this information.”
The latest violation adds fuel to the antitrust fight that has been brewing in Washington. Facebook has experienced data security problems in the past, especially when political firm Cambridge Analytica accessed information from up to 87 million users without their knowledge.
The new violation also draws attention to the need for additional regulations in the EU, said Varoon Bashyakarla, a data scientist who works as a technical adviser to Facebook’s Royal Oversight Board, an activist group aimed at holding Facebook accountable for decisions of content. Bashyakarla said that her own data had been exposed in the breach.
“This incident underscores the need for Facebook to respond to European regulators and not just to Americans,” he said. “If there are no consequences for incidents like this, they will continue, as we have observed for the past few years.”
The Electronic Frontier Foundation (EFF), which called the newly revealed gap “horrible,” said that Facebook’s dominance in the tech industry directly contributed to attacks like these. There are few options for users who, fed up with privacy violations, do not want to use the platform: Facebook already owns alternatives such as Instagram and WhatsApp.
“Privacy does not come from monopoly,” said EFF’s Cory Doctorow. “Facebook’s data breach problems are the inevitable result of the monopoly, in particular the knowledge that it can rack up endless abuses against its users and retain them.”
Facebook did not immediately respond to a request for comment.
Users can check legitimate websites, including HaveIBeenPwned, to see if their data is included in the leak or past leaks.
George is Digismak’s reporter-cum-editor with 13 years of experience in journalism.