The April 3rd Facebook Hack: What You Need to Know…


April 8, 2021

Late last week, news broke of a massive PII leak impacting close to 553,000,000 Facebook users across 106 countries…including 32 million Americans (one of whom is Facebook CEO and creator, Mark Zuckerberg).

The PII includes things like:

  • Full names
  • Birthdays
  • Phone numbers
  • Email addresses
  • Locations

While news of the breach is relatively recent (breaking on April 3rd), it looks like the compromised data might have been obtained via a vulnerability Facebook patched way back in 2019. It’s just…flown under the radar since then and didn’t get public attention until someone posted the database in a low-level hacking forum.

The “discovery,” if you want to call it that, was made by Alon Gal, the CTO of Hudson Rock, a cybercrime intelligence firm. Gal apparently picked up on there being something rotten regarding Facebook in January after hearing about a bot that could produce phone numbers for Facebook users around the world.

This isn’t the first time Facebook has leaked a huge amount of PII. We wrote about it back in 2019 when 419 million user records were stored on a server that wasn’t password-protected and was accessible to anyone on the internet. And before that, when we wrote about the 600 million user passwords Facebook was keeping in a plain text file that was searchable by 2,000 internal Facebook staff members. Or when we wrote about the 50 million accounts that were easily harvested by Cambridge Analytica to help manipulate the 2016 Presidential election.

Needless to say…Facebook doesn’t have a great record when it comes to security. If you’re a Facebook user and this makes you uncomfortable (and it probably should), you might want to consider using Have I Been Pwned? to check whether your account is amongst the 553,000,000 leaked. Or even deleting your Facebook account entirely.

Warning: Deleting your Facebook account is a serious decision and one you have to prepare for (mentally and physically). The lotus-eaters in your life (aka friends and family) who are still on the social media platform will be confused and possibly concerned regarding your decision to leave.

Once you step through the process, Facebook gives you up to 30 days to log back in and reverse the decision. Also, if you’ve got any accounts linked to Facebook (e.g., Instagram) that you continue to use, your Facebook account will be reactivated. You’ve got to unlink each account manually if you want to keep using them separately.

If you’re interested, you can download a copy of the information Facebook has on you. Since it’s PII, we recommend keeping it in a secure place if you decide to keep a copy of it.

Whatever you decide to do, you should be on the lookout for a rise in social engineering attacks using the leaked Facebook PII.

Carl Keyser is the Content Manager at Integris.
