Facebook is having a hard time keeping sensitive user data private. Over the last few years, we have repeatedly heard about data leaks at Facebook. In the most recent breach, a user on a low-level hacking forum published the personal data of over 500 million Facebook users. This data contains first and last names, contact numbers, approximate locations, email addresses, and other biographical information.
Data Leak Overview
The freely accessible leaked data consists of the personal information of 533 million users from 106 different countries. The database was first leaked in 2019 through the messaging platform Telegram, but at that time it could not be accessed freely: anybody who wished to access it had to pay a fee of $20 per search. Since then, Facebook reported that it neutralized the breach by patching the vulnerability that caused the leak. This statement from Facebook is unlikely to be true, as the same database appeared again in June 2020. In this breach, anyone who could access the database could also search for a user’s phone number.
Alon Gal, the co-founder and CTO of cybersecurity firm Hudson Rock, was the first to blow the whistle on this Facebook data leak. Mr. Gal revealed that anyone with a Facebook account most likely had his or her details leaked. The database includes the personal data of as many as 5.5 lakh users from Afghanistan, 1.2 million from Australia, 3.8 million from Bangladesh, 8 million from Brazil, and 6.1 million from India. Just a few days ago, India also suffered a massive leak of a KYC data dump of Mobikwik users.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts” – Alon Gal
Context of Nepali Facebook users
Fortunately, Nepal is not on the list of countries affected by this Facebook data leak. However, if you wish to confirm whether your data has been leaked, you can do so by checking your email address on Have I Been Pwned.
How to Prevent Data Breach
There is a general assumption that a data breach happens because of a technically sophisticated hacker. This is not always true. Data breaches may also happen due to the negligence of companies and individuals. Even a minor overlooked flaw, error, or vulnerability can lead to a data breach, so it is necessary to understand that even the smallest vulnerability can cause a massive one. A few of the best practices for avoiding a data breach in your company are listed here:
- Regularly updating and patching the software your company uses to the latest version available.
- Limiting access to your most valuable data. Only a few handpicked personnel who require access to such delicate data should have it.
- High-grade encryption for all sensitive data.
- Conducting training on cybersecurity awareness for all employees. Such education may help companies avoid social engineering attacks.
- Enforcing BYOD security policies like requiring all devices to use a business-grade VPN service and antivirus protection.
- Developing a cyber breach response plan because a breach can occur at any time.
- Encouraging better user cybersecurity practices by promoting strong credentials and multi-factor authentication. Similarly, companies can foster the use of password managers among users.
For a long time, Facebook users have trusted Facebook with their sensitive data. Maybe it was our naivety that led us to believe that our personal information was safer and more private than it actually was. But with these recent Facebook data leaks, users doubt that Facebook is capable of protecting our sensitive data. If the company does not take suitable steps to protect users’ data soon, it could harm the image of this tech company.