On Saturday, personal data from over 533 million Facebook users was exposed on an online forum frequented by cybercriminals.
“The leaked data comprises personal information from more than 533 million Facebook users across 106 countries. This includes over 32 million records on users in the US, 11 million in the UK, and 6 million in India. The data encompasses phone numbers, Facebook IDs, full names, locations, birthdates, bios, and in some instances, email addresses,” as reported by Business Insider.
The extent of the breach’s impact on African users remains uncertain, although privacy protection firm Surfshark identified that over 14 million South Africans had their Facebook data leaked. Comparatively, the 2018 Cambridge Analytica breach affected 96,134 South African users.
This leaked information originates from the same dataset that was previously available for purchase through a Telegram bot, reported in January. Facebook initially claimed that the data was scraped due to a vulnerability addressed in 2019, although some experts dispute this explanation.
Alon Gal, CTO of a cybercrime intelligence firm, who first discovered the extensive leak, warned that the compromised data could be exploited by cybercriminals for impersonation or scams.
Facebook’s Response
Given that Facebook has already fixed the underlying vulnerability, there is little the company can do to retrieve the exposed data. Gal suggested that Facebook should inform users to stay vigilant against impersonation attempts or fraud involving their personal data.
Steps You Can Take
Check if you’re affected: First, determine whether your data is part of the breach. Websites like Have I Been Pwned allow you to quickly check if your email or phone number has been compromised in this or other data breaches.
Reevaluate the information you share: It’s essential to reconsider how much personal information you share on Facebook and other social media platforms. The more information you share, the more vulnerable you become.
Strengthen your passwords: Popular but weak passwords like “qwerty,” “password,” and “123456” are easily compromised. Use strong, unique passwords for different sites, or consider using a password manager. While this won’t prevent data theft, it will limit the damage to a single site if your password is leaked.
This incident highlights the importance of data privacy and the need to be mindful of who has access to your personal information.
