Facebook Data Breach 2021 – Everything You Need to Know
By Nick Anderson
Facebook continues to find itself in hot water almost every year when it comes to privacy and security. Five years ago, Facebook was struck with its biggest privacy scandal since the social media giant came online in 2005. Earlier this month, reports of a data breach at Facebook made headlines. This time around, the breach was due to a vulnerability in Facebook’s system.
Data of 533 million Facebook users is now up for grabs for free on an online forum populated by hackers. Even Facebook CEO Mark Zuckerberg’s data is part of the breach. The information will no doubt go on to be used for fraudulent activities like phishing. As a Facebook user, it is possible that you were affected by the breach, and there are certain proactive measures that you can take to safeguard your account.
What Was Stolen?
A data breach’s primary goal is to steal information from users by exploiting a weakness in a platform’s security. Some platforms can even fall victim to clever social engineering techniques. The Facebook data breach includes Facebook IDs, full names, phone numbers, email addresses, and other types of information saved in the user profile. The treasure trove of data encompasses users from 106 countries worldwide. Although passwords for the accounts were not stolen, there is enough information to launch phishing attempts against the affected users.
Usually, such information is sold on the Dark Web to those willing to pay for it. But now, the data is available to anyone for free on a public hacker forum, making it all the more dangerous for those affected.
How Was it Stolen?
Facebook has acknowledged the data breach in a blog post. It said the data is from a breach that occurred in 2019 due to a vulnerability that Facebook says it patched in August 2019. The bad actors obtained this information by using software designed for the purpose to feed known phone numbers into the contact importer and match them against user profiles on Facebook. Facebook insists that the breach is not a hack but a scraping method and that its backend security was not compromised in any way.
However, there is no telling just how long this vulnerability was exploited before it was patched in 2019.
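From the platform's side, the scraping described above is detectable because a number-space sweep looks nothing like a real address book. The following sketch is an added example, not code from Facebook or from this article; the event format, account names and thresholds are assumptions chosen for illustration, and the phone numbers are constructed.

```python
from collections import defaultdict

# Constructed sample uploads to a hypothetical contact importer. Not real data.
def _organic():
    return ["+14155550134", "+442079460018", "+14155550199",
            "+61255501234", "+14085550111"]

def _enumerated(start=15550100000, n=400):
    return [f"+{start + i}" for i in range(n)]

SAMPLE_EVENTS = [
    ("acct-a", _organic()),
    ("acct-b", _enumerated()),
    ("acct-b", _enumerated(start=15550100400)),
    ("acct-c", _organic() + ["+14155550135"]),
]

def sequential_ratio(numbers):
    """Fraction of uploaded numbers whose numeric successor is also uploaded."""
    values = {int(n.lstrip("+")) for n in numbers if n.lstrip("+").isdigit()}
    if not values:
        return 0.0
    return sum(1 for v in values if v + 1 in values) / len(values)

def flag_enumeration(events, daily_limit=500, seq_threshold=0.5, min_batch=50):
    """Return {account: reasons} for uploads that look like number-space sweeps.

    Thresholds are illustrative assumptions; events are taken to cover one day.
    """
    totals = defaultdict(int)
    reasons = defaultdict(set)
    for account, numbers in events:
        totals[account] += len(numbers)
        # A real address book is sparse; a sweep is a dense consecutive range.
        if len(numbers) >= min_batch and sequential_ratio(numbers) >= seq_threshold:
            reasons[account].add("sequential-range")
        # Independent of shape, cap how many numbers one account may resolve.
        if totals[account] > daily_limit:
            reasons[account].add("volume")
    return {account: sorted(r) for account, r in reasons.items()}
```

A flagged account would then be throttled or have matching disabled, which addresses the exposure regardless of whether the individual phone numbers were marked public.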
How to Tell if You Were Affected
The contacts tool revealed information such as a phone number even if it was not public on the profile. As a user, you will not hear any alarm bells when you log in to Facebook. And Facebook has not shared any plans to notify affected users.
This is why such data theft is so dangerous: like a bad actor acting as a third party to intercept communication on an unsecured network such as public Wi-Fi, it evades your detection.
The website Have I Been Pwned received a significant amount of traffic following the news. It lets you check whether your email addresses appear in the many data breaches that have occurred over the years, and its collected data sets are handy for alerting users whose information was leaked. Following this Facebook data breach, Have I Been Pwned has been updated with the latest data from the breach and now supports checking by phone number as well.
First, try entering your email address, then move to the phone number. Even if you were not a victim of this particular breach, the tool would reveal matches from any past cyberattacks.
What You Need to Do
Fortunately, the more important information such as passwords or financial details was not part of this breach. But there is still reason to be cautious. We have used our blog to educate readers on the various cyber threats and how to prevent them. One of the recurring cyber frauds is known as phishing.
It is a fraudulent technique designed to trick targets into giving up details like login credentials or banking details, usually by creating a sense of urgency. A phishing email might say your iCloud account is locked and requires your attention. The malicious link inside the email leads to a fake landing page designed to resemble the real iCloud website, except that when you enter your email address and password in the login fields, the information ends up in the hands of the phisher.
More clever social engineering techniques like Spear Phishing are focused on one individual. The approach will be to build trust by sharing some information that only you or a handful of people would have been privy to.
Phishing is exactly the kind of fraudulent technique in which data from the Facebook breach will be used. Be careful about the emails you receive. Always verify the sender before clicking on any link or downloading an attachment; a phishing email will come from a different address than the legitimate sender's.
A phone number is an integral part of our digital lives. Second only to an email address, a phone number is the primary way of receiving two-factor authentication codes. Moreover, automated calls (or robocalls) are another thing you need to anticipate.
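The sender check recommended above can be automated for a mailbox. This is an added example, not part of the original article: it inspects a constructed message modelled on the iCloud lure described earlier, and the `BRAND_DOMAINS` allowlist is an assumption the reader would maintain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the reader accepts as legitimate for each brand keyword.
BRAND_DOMAINS = {"icloud": {"apple.com", "icloud.com"}}

# Constructed sample (example.net and example.org are reserved test domains).
SAMPLE = """\
From: "iCloud Support" <alerts@icloud-support.example.net>
Reply-To: help@example.org
Subject: Your iCloud account is locked
Content-Type: text/plain

Your account requires attention: https://icloud.login.example.net/verify
"""

def _domain_ok(host, allowed):
    # Exact match or a true subdomain; "icloud.com.example.net" must not pass.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def sender_findings(raw):
    """Return mismatches between the brand a message claims and its domains."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    claimed = (name + " " + msg.get("Subject", "")).lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue
        if not _domain_ok(from_dom, allowed):
            findings.append(f"from-domain:{from_dom}")
        # Links in the body should also resolve to the brand's own domains.
        for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
            host = urlparse(url).hostname or ""
            if not _domain_ok(host, allowed):
                findings.append(f"link-host:{host}")
    # Replies silently routed to another domain are a common phishing trait.
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to:{reply_dom}")
    return findings
```

The From header itself can be forged, so an empty result is not proof of legitimacy; the receiving server's SPF, DKIM and DMARC results are the stronger signal.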
With the growing number of data thefts, certain precautions must be followed to protect against unauthorized access to accounts. If the breach – or any for that matter – contained the password to your account, two-factor authentication would immediately notify you and prevent anyone else from logging into your account.
Similarly, using VPN encryption over public Wi-Fi guarantees that your data cannot be sniffed by a bad actor intercepting your communication.