Author: Melodie Foster
Date: 9th April 2021
The leak occurred because of a vulnerability in Facebook that was present prior to September 2019. Facebook stated in a blog post that the vulnerability had been previously reported and had already been fixed. The leaked details include Facebook users’ full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status, and account creation date. Facebook CEO Mark Zuckerberg’s phone number was also amongst the leaked details.
At the time, it was suspected that data had been scraped because of a bug in the Add Friend feature that was discovered in 2019. Attackers posted that data to a forum last weekend. A post from one of Facebook’s product management directors said that “This feature was designed to help people easily find their friends to connect with on our services using their contact lists.” He also mentioned that Facebook is confident that the issue that led to the data scraping no longer exists.
However, several regulatory bodies in the European Union may investigate this matter because it possibly infringes the General Data Protection Regulation, which requires companies to disclose data breaches within a certain period or incur penalties.
Since the data is now publicly available, it’s likely that attackers can use this information in social engineering attacks, marketing scams and other crimes. Furthermore, users who shared their phone number with Facebook and haven’t changed it since 2019 are advised to be vigilant for spam calls and SMS phishing attacks.