StatusCake

The Facebook data breach that affects over 533 million users explained


If you’re a Facebook user, brace yourself for this one. It’s recently come to light that 533 million Facebook users’ details were found on a very suspicious hacker forum. The details found include users’ phone numbers, Facebook IDs, full names, locations, birthdays, and email addresses – all typical information that is stored on a Facebook account. Due to the sensitivity of this data, a big concern has been raised about the further cybersecurity risk that this causes – the chance of the affected individuals being targeted by hackers for serious issues like access to their bank details. For example, where the phone numbers are used for 2-factor authentication, hackers would be able to use them to bypass the security measures that are there to protect users.

Facebook hack explained

Firstly, all of this sensitive user data had been offered for sale on a hacker forum at a very high price, which is probably why there was a limited number of bidders actively going for it at the time. However, the price then dropped significantly, making it much more affordable for people to buy and use illegally. Worse yet, all of this Facebook data has recently been discovered for free on a not-very-sophisticated hackers’ forum. 

This does not mean, however, that the data has no value. The data is still very lucrative to marketing companies and 3rd party businesses that will sell this data to other companies, who can select exactly what details they want from the list and then target individuals with spam calls, texts, and emails. Ultimately, this list of over 500 million users has given scammers a verified contact list that they can actively target and profit from, making it a massive crisis for both Facebook and its users alike. 

Has this happened to Facebook before?

As the data Goliath that Facebook is, this sort of issue is unfortunately not a one-off. Back in 2018, Facebook experienced the same issue where data was scraped from its site and sold off in hacker forums at a premium rate. This hack didn’t make a lot of noise in the media but one that we are all very familiar with is that of Cambridge Analytica. 

It was a time when Mark Zuckerberg had to face the Senate’s questions and explain the role Facebook played, giving the famous response “I’ll look into this and get back to you”. Just to be clear, Cambridge Analytica did not hack Facebook, but they accessed over 87 million accounts without any consent. It made the news when the media found that this data was used to target individuals for the up-and-coming 2016 election and asked how this could have impacted the results of the election.

What does Facebook have to say about this hack? 

One of the major issues with this recent news has been the lack of information Facebook had given, right up until it was made public. Arguably, the hushed response from Facebook has proven massively unhelpful to those of us who could be victims of this data breach and who have many questions that need answering.

In a recent blog on Facebook’s site, Mike Clark wrote “It is important to understand that the malicious actors obtained this data not through hacking our systems but by scraping it from our platform” in an attempt to try to reassure the public and its users that the security on Facebook is not affected by this. Mike also explained how the actors managed to scrape the information – “We believe that data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer”. This feature was “designed to help people easily find their friends to connect with our services using their contact list”. The good news for all Facebook users is that this issue was fixed in August 2019 once Facebook was made aware of it. 

What does this mean for Facebook now?

With all the recent bad press around Facebook, this definitely hasn’t come at an ideal time. As this hack concerns identifiable information, it could mean more legal battles for the tech giant and with that, more fines. 

In Europe, since the 2018 GDPR introduction, the Facebook hack could mean a hefty fine for them since they did not disclose or report the breach within the 30-day time limit, which is what the law requires. Facebook failed to alert its users directly, or disclose which users were affected. It’s important to note, however, that not all of the data found on the hacked list is from 2018/2019, which means Facebook did not breach any GDPR rules for this selection.

Currently, the Irish government, EU data commission, and the UK have started investigations into this as the penalties for companies that breach this rule are high. The US will also be investigating this with the Federal Trade Commission looking into the steps Facebook took during and after this event. 

The impact of this hack on Facebook

Facebook does not only need to worry about the financial cost it will need to bear from fines but, more importantly, it will now need to try to rebuild trust with its users. Facebook has a lot of ground to make up as it hasn’t exactly had a good response to its tackling of this breach. Ironically, the data breach also made Zuckerberg’s contact number available, which may cause Facebook to dial down harder on their protocol.

There are a lot of things Facebook needs to do and personally, I think it’s imperative to act fast and make sure your users are the number one priority. Facebook should have contacted the affected individuals immediately, giving them the chance to take precautions before anyone could do further damage to their data. 

Here at StatusCake, we believe in making sure that all of your data is protected. By the end of April 2021, we’ll have new functionality that will tell you if your email address and/or password have previously been compromised when you sign up for a StatusCake account. This gives you extra peace of mind and the ability to look further into any issues that may show that your details have previously been compromised. Alongside this, we offer domain monitoring, server monitoring, and virus scanning to always keep you in the know of any potential malicious threats that could be lurking beneath the surface of your website. Maybe Facebook might sign up for a trial after this hack? 
