What really caused Facebook’s data leak to 500,000 users?
Since Saturday, a Facebook has a lot of data circulate publicly, approximately 533 million users are splashing Facebook information on the Internet. The data includes profile names, Facebook ID numbers, email addresses, and phone numbers. It is a type of information that has already been filtered or extracted from other sources, but it is another resource that links all this data — and links it to each victim — to present the silver plate to fraudsters, phishers, and spammers with neat profiles.
Facebook’s initial response was that the data had been reported before 2019, and that the company had fixed the underlying vulnerability in August of that year. Old news. A closer look at where this data comes from creates a much darker picture. In fact, the data that appeared on the dark criminal website in 2019 came from an offense that Facebook did not provide in any significant detail at the time, and was fully acknowledged in a blog post on Tuesday evening. message Attributed to Mike Clark, director of product management.
A source of confusion has been the numerous violations and exposures that Facebook can cause to this data. There were 540 million records reported by a third party (including Facebook IDs, comments, likes and reaction data) UpGuard security company has announced April 2019? Or the records of 419 million Facebook users, including hundreds of millions of phone numbers, names and Facebook IDs, were publicly taken out of the social network by bad actors before the 2018 Facebook policy was changed. TechCrunch reported In September 2019? Did it have anything to do with it Cambridge Analytica third party data sharing scandals 2018? Or that it was somehow related to the massive 2018 Facebook data breach Does it put access to access tokens and almost all personal data of 30 million users?
In fact, the answer seems to be none of the above. As Facebook finally explained in comments to WIRED and on Tuesday’s blog that there are recently 533 million public records, it is a different attacker of data sets, created by abusing a bug in the feature to import contacts from the Facebook address book. Facebook says it fixed the vulnerability in August 2019, but it’s still unclear how many times the bug was exploited so far. In addition to information on more than 500 million Facebook users in more than 106 countries, the data also includes Facebook IDs, phone numbers, and other information about first-time Facebook users: Mark Zuckerburg and Pete Buttigieg, U.S. Secretary of Transportation, and European Union Data Protection Commissioner Didier Reynders. Other victims include 61 people listed on the “Federal Trade Commission” and 651 people listed on the “Attorney General” on Facebook.
You can check your phone number or email address for leaks by checking the infringement tracking site HaveIBeenPwned. For the service, founder Troy Hunt merged and swallowed two versions of the data set floating around.
“When the organization is involved in pure information, everyone speculates and confusion arises,” Hunt says.
The closest Facebook that previously acknowledged the origin of this rupture was a comment from an article in the fall of 2019. In September, Forbes reported about the vulnerability associated with the Instagram mechanism for importing contacts. The Instagram bug revealed usernames, phone numbers, Instagram handles and account ID numbers. At the time, Facebook told the investigator who revealed the error that the Facebook security team “already knew it was due to an internal finding of the problem.” A spokesman said Forbes at the time, “we changed the importer contact on Instagram to prevent potential abuse. We would like to thank the researcher who raised this issue.” Forbes stated in its September 2019 story that there was no evidence that the vulnerability was exploited, but that it was not.