If you’re a Facebook user, brace yourself for this one. It’s recently come to light that 533 million Facebook users’ details were found on a very suspicious hacker forum. The details found include users’ phone numbers, Facebook IDs, full names, locations, birthdays, and email addresses – all typical information that is stored on a Facebook account. Due to the sensitivity of this data, a big concern has been raised about the further cybersecurity risk it creates: the chance of the affected individuals being targeted by hackers for serious issues like access to their bank details. For example, because phone numbers are used for 2-factor authentication, hackers could use them to bypass security measures that are there to protect users.
Facebook hack explained
Firstly, all of this sensitive user data had been offered for sale on a hacker forum at a very high price, which is probably why there was a limited number of bidders actively going for it at the time. However, the price then dropped significantly, making it much more affordable for people to buy and use illegally. Worse yet, all of this Facebook data has recently been discovered for free on a not-very-sophisticated hackers’ forum.
This does not mean, however, that the data has no value. The data is still very lucrative to marketing companies and 3rd party businesses that will sell this data to other companies, who can select exactly what details they want from the list and then target individuals with spam calls, texts, and emails. Ultimately, this list of over 500 million users has given scammers a verified contact list that they can actively target and profit from, making it a massive crisis for both Facebook and its users alike.
Has this happened to Facebook before?
Given the data Goliath that Facebook is, this sort of issue is unfortunately not a one-off. Back in 2018, Facebook experienced the same issue where data was scraped from its site and sold off in hacker forums at a premium rate. That hack didn’t make a lot of noise in the media, but one incident that we are all very familiar with is that of Cambridge Analytica.
It was a time when Mark Zuckerberg had to face the Senate’s questions and explain the role Facebook played, giving the famous response “I’ll look into this and get back to you”. Just to be clear, Cambridge Analytica did not hack Facebook, but they accessed over 87 million accounts without any consent. It made the news when the media found that this data was used to target individuals for the upcoming 2016 election and asked how this could have impacted the results of the election.
What does Facebook have to say about this hack?
One of the major issues with this recent news has been the lack of information Facebook had given, right up until it was made public. Arguably, the hushed response from Facebook has proven massively unhelpful to those of us who could be victims of this data breach and who have many questions that need answering.
In a recent blog on Facebook’s site, Mike Clark wrote “It is important to understand that the malicious actors obtained this data not through hacking our systems but by scraping it from our platform” in an attempt to try to reassure the public and its users that the security on Facebook is not affected by this. Mike also explained how the actors managed to scrape the information – “We believe that data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer”. This feature was “designed to help people easily find their friends to connect with our services using their contact list”. The good news for all Facebook users is that this issue was fixed in August 2019 once Facebook was made aware of it.
What does this mean for Facebook now?
With all the recent bad press around Facebook, this definitely hasn’t come at an ideal time. As this hack concerns identifiable information, it could mean more legal battles for the tech giant and with that, more fines.
In Europe, since the 2018 GDPR introduction, the Facebook hack could mean a hefty fine for the company since it did not disclose or report the breach within the 30-day time limit which is what the law requires. Facebook failed to alert its users directly, or disclose those users that were affected. It’s important to note, however, that not all of the data found on the hacked list is from 2018/2019, which means Facebook did not breach any GDPR rules for this selection.
Currently, the Irish government, EU data commission, and the UK have started investigations into this as the penalties for companies that breach this rule are high. The US will also be investigating this with the Federal Trade Commission looking into the steps Facebook took during and after this event.
The impact of this hack on Facebook
Facebook does not only need to worry about the financial cost it will need to bear from fines; more importantly, it will now need to try to rebuild trust with its users. Facebook has a lot of ground to make up, as its handling of this breach hasn’t exactly been well received. Ironically, the data breach also made Zuckerberg’s contact number available, which may cause Facebook to clamp down harder on its protocols.
There are a lot of things Facebook needs to do and personally, I think it’s imperative to act fast and make sure your users are the number one priority. Facebook should have contacted the affected individuals immediately, giving them the chance to take precautions before anyone could do further damage to their data.
Here at StatusCake, we believe in making sure that all of your data is protected. By the end of April 2021, we’ll have new functionality that will tell you if your email address and/or password have previously been compromised when you sign up for a StatusCake account. This gives you extra peace of mind and the ability to look further into any issues that may show that your details have previously been compromised. Alongside this, we offer domain monitoring, server monitoring, and virus scanning to always keep you in the know of any potential malicious threats that could be lurking beneath the surface of your website. Maybe Facebook might sign up for a trial after this hack?