{"id":220023,"date":"2021-04-06T12:16:51","date_gmt":"2021-04-06T09:16:51","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/what-actually-happened-with-facebooks-massive-533m-record-leak\/"},"modified":"2022-11-15T22:08:45","modified_gmt":"2022-11-15T19:08:45","slug":"what-actually-happened-with-facebooks-massive-533m-record-leak","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/what-actually-happened-with-facebooks-massive-533m-record-leak\/","title":{"rendered":"#What actually happened with Facebook\u2019s massive 533M record leak"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"What_actually_happened_with_Facebooks_massive_533M_record_leak\"><\/span><strong>What actually happened with Facebook\u2019s massive 533M record leak<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>Over the long weekend\u00a0<a href=\"https:\/\/www.businessinsider.com.au\/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&amp;IR=T\" target=\"_blank\" rel=\"nofollow noopener\">reports<\/a>\u00a0emerged of an alleged data breach, impacting half a billion <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Facebook<\/a> users from 106 countries.<\/p>\n<p>And while this figure is staggering, there\u2019s more to the story than 533 million sets of data. 
This breach once again highlights how many of the systems we use aren\u2019t designed to adequately protect our information from cyber criminals.<\/p>\n<p>Nor is it always straightforward to figure out whether your data have been compromised in a breach or not.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\" data-twitter-extracted-i1668538225113164606=\"true\" data-twitter-extracted-i166853837295712556=\"true\">\n<p dir=\"ltr\" lang=\"en\">Few days ago a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.<\/p>\n<p>This obviously has a huge impact on privacy.\u00a0<a href=\"https:\/\/t.co\/lM1omndDET\" target=\"_blank\" rel=\"nofollow noopener\">pic.twitter.com\/lM1omndDET<\/a><\/p>\n<p>\u2014 Alon Gal (Under the Breach) (@UnderTheBreach)\u00a0<a href=\"https:\/\/twitter.com\/UnderTheBreach\/status\/1349671417625931778?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow noopener\">January 14, 2021<\/a><\/p><\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"What_happened\"><\/span>What happened?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>More than\u00a0<a href=\"https:\/\/www.theguardian.com\/technology\/2021\/apr\/05\/facebook-data-leak-2021-breach-check-australia-users\" target=\"_blank\" rel=\"nofollow noopener\">500 million Facebook users\u2019 details<\/a>\u00a0were published online on an underground website used by cyber criminals.<\/p>\n<p>It quickly became clear this was not a new data breach, but an older one which had come back to haunt Facebook and the millions of users whose data are now available to purchase online.<\/p>\n<p>The data breach is believed to relate to a vulnerability which Facebook reportedly\u00a0<a href=\"https:\/\/www.businessinsider.com.au\/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?\" target=\"_blank\" rel=\"nofollow noopener\">fixed in August of 
2019<\/a>. While the exact source of the data can\u2019t be verified, it was likely acquired through the misuse of\u00a0<a href=\"https:\/\/edition.cnn.com\/2019\/09\/04\/tech\/facebook-phone-numbers-exposed\" target=\"_blank\" rel=\"nofollow noopener\">legitimate functions in the Facebook systems<\/a>.<\/p>\n<p>Such misuses can occur when a seemingly innocent feature of a website is used for an unexpected purpose by attackers, as was the case with a PayID attack in 2019.<\/p>\n<figure style=\"width: 1000px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/images.theconversation.com\/files\/393502\/original\/file-20210406-23-1m3m37p.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip\" alt=\"\" width=\"1000\" height=\"193\" \/><figcaption class=\"wp-caption-text\">Chief <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> officer of cybercrime intelligence firm Hudson Rock, Alon Gal, discovered the leaked database, posting screenshots on Twitter. Twitter<\/figcaption><\/figure>\n<p>In the case of Facebook, criminals can mine Facebook\u2019s systems for users\u2019 personal information by using techniques which automate the process of harvesting data.<\/p>\n<p>This may sound familiar. In 2018 Facebook was reeling from the\u00a0<a href=\"https:\/\/www.theguardian.com\/news\/series\/cambridge-analytica-files\" target=\"_blank\" rel=\"nofollow noopener\">Cambridge Analytica scandal<\/a>. 
This too was not a\u00a0<a href=\"https:\/\/www.abc.net.au\/news\/2018-03-22\/facebook-mark-zuckerberg-admits-mistakes-in-protecting-data\/9574778\" target=\"_blank\" rel=\"nofollow noopener\"><em>hacking<\/em>\u00a0incident<\/a>, but a misuse of a perfectly legitimate function of the Facebook platform.<\/p>\n<p>While the data were initially obtained legitimately \u2014 at least, as far as Facebook\u2019s rules were concerned \u2014 they were then passed on to a third party\u00a0<a href=\"https:\/\/about.fb.com\/news\/2018\/03\/suspending-cambridge-analytica\/\" target=\"_blank\" rel=\"nofollow noopener\">without the appropriate consent<\/a>\u00a0from users.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Were_you_targeted\"><\/span>Were you targeted?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There\u2019s no easy way to determine if your details were breached in the recent leak. If the website concerned is acting in your best interest, you should at least receive a notification. But this isn\u2019t guaranteed.<\/p>\n<p>Even a tech-savvy user would be limited to hunting for the leaked data themselves on underground websites.<\/p>\n<p>The data being sold online contain plenty of key information.\u00a0<a href=\"https:\/\/haveibeenpwned.com\/PwnedWebsites#Facebook\" target=\"_blank\" rel=\"nofollow noopener\">According to<\/a>\u00a0haveibeenpwned.com, most of the records include names and genders, with many also including dates of birth, location, relationship status and employer.<\/p>\n<p>However, it has been\u00a0<a href=\"https:\/\/www.theverge.com\/2021\/4\/4\/22366822\/facebook-personal-data-533-million-leaks-online-email-phone-numbers\" target=\"_blank\" rel=\"nofollow noopener\">reported<\/a>\u00a0that only a small proportion of the stolen data contained a valid email address (about 2.5 million records).<\/p>\n<p>This is important since a user\u2019s data are less valuable without the corresponding email address. 
It\u2019s the combination of date of birth, name, phone number and email which provides a useful starting point for\u00a0<a href=\"https:\/\/www.theguardian.com\/technology\/2021\/apr\/05\/facebook-data-leak-2021-breach-check-australia-users\" target=\"_blank\" rel=\"nofollow noopener\">identity theft and exploitation<\/a>.<\/p>\n<p>If you\u2019re not sure why these details would be valuable to a criminal, think about how you confirm your identity over the phone with your bank, or how you last reset a password on a website.<\/p>\n<p>Haveibeenpwned.com creator and web security expert Troy Hunt has said a secondary use for the data could be to enhance phishing and SMS-based spam attacks.<\/p>\n<p><a href=\"https:\/\/twitter.com\/troyhunt\/status\/1378484406642298880\">https:\/\/twitter.com\/troyhunt\/status\/1378484406642298880<\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_to_protect_yourself\"><\/span>How to protect yourself<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Given the nature of the leak, there is very little Facebook users could have done proactively to protect themselves from this breach. As the attack targeted Facebook\u2019s systems, the responsibility for securing the data lies entirely with Facebook.<\/p>\n<p>On an individual level, while you can opt to withdraw from the platform, for many this isn\u2019t a simple option. That said, there are certain changes you can make to your social media behaviours to help reduce your risk from data breaches.<\/p>\n<p><strong>1) Ask yourself if you need to share all your\u00a0<a href=\"https:\/\/www.theguardian.com\/technology\/askjack\/2019\/mar\/07\/is-there-a-way-to-use-facebook-without-giving-up-my-privacy\" target=\"_blank\" rel=\"nofollow noopener\">information with Facebook<\/a><\/strong><\/p>\n<p>There are some bits of information we inevitably have to forfeit in exchange for using Facebook, including mobile numbers for new accounts (as a security measure, ironically). 
But there are plenty of\u00a0<a href=\"https:\/\/theconversation.com\/dont-be-phish-food-tips-to-avoid-sharing-your-personal-information-online-138613\" target=\"_blank\" rel=\"nofollow noopener\">details you can withhold<\/a>\u00a0to retain a modicum of control over your data.<\/p>\n<p><strong>2) Think about what you share<\/strong><\/p>\n<p>Apart from the leak being reported, there are plenty of other ways to harvest user data from Facebook. If you use a fake birth date on your account, you should also avoid posting birthday party photos on the real day. Even our\u00a0<a href=\"https:\/\/www.smh.com.au\/technology\/why-you-shouldn-t-post-a-picture-of-your-boarding-pass-on-social-media-20200918-p55wvf.html\" target=\"_blank\" rel=\"nofollow noopener\">seemingly innocent photos<\/a>\u00a0can reveal sensitive information.<\/p>\n<p><strong>3)<\/strong>\u00a0<strong>Avoid using Facebook to sign in to other websites<\/strong><\/p>\n<p>Although the \u201csign-in with Facebook\u201d feature is potentially time-saving (and reduces the number of accounts you have to maintain), it also increases\u00a0<a href=\"https:\/\/threatpost.com\/sneaky-phishing-scam-facebook\/141869\/\" target=\"_blank\" rel=\"nofollow noopener\">potential risk<\/a>\u00a0to you \u2014 especially if the site you\u2019re signing into isn\u2019t a trusted one. If your Facebook account is compromised, the attacker will have automatic access to all the linked websites.<\/p>\n<p><strong>4) Use unique passwords<\/strong><\/p>\n<p>Always use a different password for each online account, even if it is a pain. Installing a password manager will help with this (and this is how I have more than 400 different passwords). 
While it won\u2019t stop your data from ever being stolen, if your password for a site is leaked it will only work for that\u00a0<em>one<\/em>\u00a0site.<\/p>\n<p>If you really want a scare, you can always <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">download<\/a> a copy of all the\u00a0<a href=\"https:\/\/www.facebook.com\/help\/212802592074644\" target=\"_blank\" rel=\"nofollow noopener\">data Facebook has on you<\/a>. This is useful if you\u2019re considering leaving the platform and want a copy of your data before closing your account.<\/p>\n<p><strong>Related article :\u00a0<a href=\"https:\/\/www.vpnmentor.com\/blog\/mgm-leaked-on-telegram\/\" target=\"_blank\" rel=\"noopener\">Over 8 GB Database Exposing Millions of Hotel Guests Dumped (for Free) on Telegram<\/a><\/strong><\/p>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/facebook\/2021\/04\/06\/what-actually-happened-with-facebooks-massive-533m-record-leak-syndication\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What actually happened with Facebook\u2019s massive 533M record leak Over the long weekend\u00a0reports\u00a0emerged of an alleged data breach, impacting half a billion Facebook users from 106 countries. And while this figure is staggering, there\u2019s more to the story than 533 million sets of data. 
This breach once again highlights how many of the systems we&#8230;<\/p>\n","protected":false},"author":1,"featured_media":220024,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/04\/facebook.png&signature=e782487de579426fd03b8a3a2e92a7a4","fifu_image_alt":"#What actually happened with Facebook\u2019s massive 533M record leak","footnotes":""},"categories":[18],"tags":[4974,71612],"class_list":["post-220023","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-facebook","tag-insights"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/220023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=220023"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/220023\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/220024"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=220023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=220023"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=220023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}