The data of at least 533 million Facebook accounts was reportedly leaked online on a low-level hacking forum, including the private data of Facebook CEO Mark Zuckerberg. But Facebook claimed that the leaked data was “previously reported on in 2019”.
The Sun reported on Saturday (3 Apr) that the leak includes the details and phone numbers of the 533 million Facebook users from 106 countries, including Zuckerberg’s personal data – his name, location and marriage information, date of birth and Facebook user ID.
In response to the matter, a spokesperson from Facebook told Business Insider: “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019”.
Facebook further explained in a blog post on Tuesday (6 Apr) that the data in question was “scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019”.
“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” it noted.
Scraping is a method that often relies on “automated software” to lift public information from the internet that can end up being circulated in online forums, said the company.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” it stated, reiterating that the methods used to obtain such data were previously reported in 2019.
Following that, Kaspersky on Tuesday shared insights on the key steps businesses should take if they are subject to a data breach, on the importance of proactively protecting data and preventing breaches, and on what consumers can do on their end.
It noted that with access to users’ personal data, cybercriminals could have “a fertile ground” from which to launch multiple cyberattacks in the form of phishing scams, social engineering attacks and break-ins to an organisation’s IT systems to deploy ransomware.
“From a business standpoint, communication is key as choosing the right spokespeople, informing your customers in a prompt and truthful manner will help an organisation regain their public goodwill and trust as quickly as possible.
“Beyond that, it is equally important that you get your business continuity plan right by ensuring any vulnerabilities are patched and software upgraded to prevent further leaks,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
However, Mr Yeo stressed that any effort to mitigate the impact of data breaches will also require the proactive effort of consumers who have been affected.
“Apart from changing your passwords and running an effective antivirus solution, knowing how to respond if your identity is stolen will help you prevent cybercriminals from exploiting your data further.
“As soon as you discover unauthorised access into your accounts, get in touch with your service provider to update them immediately so that you will not be held liable for anything that happens.
“In this instance, where old personal data has resurfaced online, one can hedge against the long-term consequences of identity theft by monitoring your financial activity as this remains a perennial area of interest for many cybercriminals,” he noted.