After Insider reported that the phone numbers and personal data of 533 million Facebook users were leaked online on Saturday, Facebook framed the leak as old news.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” a Facebook spokesperson told Insider at the time. Facebook later expanded on that statement in a blog post Tuesday reiterating that the issue that enabled the data to be scraped has been patched.
While Facebook described this issue and the data scraping methods as “previously reported,” this week marks the first time the company has addressed the breach in any detail. And according to security experts, the nature of the leaked data makes it risky for affected users regardless of when it was scraped — and downplaying that is a disservice to users, who may now be vulnerable.
That’s because some of the most sensitive data included in the leak, like users’ phone numbers, Facebook IDs, and locations, is unlikely to have changed since 2019.
Alon Gal, the security researcher with Hudson Rock who first discovered the leaked data in a hacker forum, told Insider that Facebook’s response to the breach seems like a way to quash discussion.
“Facebook referring to this data as old is likely to discourage the conversation around it,” Gal said. “People who haven’t really looked into the leak might not be familiar with what exact details were involved and are likely to go on with their lives thinking it was data that is not relevant to them. But obviously that is not the case.”
Experts say that the personal data included in the breach is valuable to hackers and cybercriminals who can use it to impersonate people online or try to trick them into handing over more credentials.
Security researchers also noted that leaked phone numbers could pose dangers to people who wanted to keep their contact information private, like public figures or those trying to avoid stalkers or abusive ex-partners.
For users who try to maintain an unlisted number, the distinction between hacking and scraping might not feel that important. Lots of politicians, celebrities and people with abusive ex-partners had their phone numbers exposed.
— @mikko (@mikko) April 7, 2021
“Even though some of the unauthorized data access happened in 2019, the data is still relevant, and it is questionable if all users were aware of the earlier data leak,” said Candid Wuest, VP of cyber protection research at the security firm Acronis.
Facebook does not plan to alert users whose data may have been included in the leak, the company told Reuters on Wednesday. That’s because the company isn’t confident that it knows which users were affected and because notifying users wouldn’t fix the fact that the data was published, Facebook said.
But notifying affected users could prove a useful step in helping them avoid further damage from the hack, according to Gal.
Cybercriminals are increasingly using text messages to carry out phishing scams …
Source: Business Insider