Over 500 million Facebook users had their phone numbers and personal data leaked over the past weekend. One victim of the leak was Facebook founder, Mark Zuckerberg himself.
The leak included users' phone numbers, email addresses, location data, and biographical information, among other details. These can all be used to steal identities and access further information.
Facebook has stated that the data originally leaked in 2019, but it appears to now be widely available, and there's no real way that a user can tell if they've been a victim of the leak. Any Facebook users should be wary of unusual phone calls or activity on their email addresses.
How did the Facebook Leak Happen?
How did such a massive leak happen to a company that is worth so much money? This story actually begins back in 2019, when a somewhat substantial vulnerability was found in Facebook's programming, allowing hackers to see users' information. Facebook patched this, but not before the information was downloaded.
In an interview with CNN, Facebook spokesperson Andy Stone said: “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”
Originally, those who abused this vulnerability would charge scammers a small fee and give them some phone numbers through which they could operate their scams. However, this list was recently fully broken open.
One of the orchestrators of the leak then posted this list of information onto a hacking forum, exposing the private information of hundreds of millions of users.
Among this posted list of information includes private information on Mark Zuckerberg himself, including his location and Facebook user ID.
Any actions taken by Facebook would fall under “closing the barn doors after the horses have escaped.” The data has been leaked and who knows how many people have downloaded and replicated the data at this point. All that Facebook can work on now is precautions for the future.
Actions to Take as a Facebook User
While there's not much Facebook can do to stop the leak now that it's already happened, there are still actions you can take to limit any damage done to your account or identity. While there's no concrete way of checking if you're a victim of the hack, these steps are still good security practice.
The information included users' phone numbers, email addresses, names, and location data. While passwords are still seemingly safe, it can't hurt to change your password to something new and more secure.
Since the leak included email addresses and phone numbers, be extra cautious of any weird calls, texts, or emails you get over the coming months. Some email clients can detect scam emails, but phone numbers are typically pretty open to scams, leaving it up to the user to sniff out any possible problems. So make sure you're extra careful about clicking any links or giving out any information over the phone.
Cyber security is a field that can't be perfected. With every advancement we make to keep ourselves safe, phishers and scammers will develop more methods to gain access to private and sensitive information.
However, that doesn't mean that you shouldn't take basic precautions to protect yourself online. For example, investing in a password manager is a great way to make sure your passwords are safe and secure. Some even inform you when your password has been compromised.
Another good investment for your internet safety is a VPN. VPNs can hide your IP address, masking your computer from any kind of data tracking. Both VPNs and password managers are affordable ways to keep your computer and personal information safe.