533 Million Facebook Account Details Leaked

Author: Melodie Foster

Date: 9th April 2021

The leak occurred because of a vulnerability in Facebook that was present prior to September 2019. Facebook stated in a blog post that the vulnerability had been previously reported and has been already fixed. The leaked details include Facebook user’s full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status, and account creation date. Facebook CEO Mark Zuckerburg’s phone number was also amongst the leaked details.

At the time, it was suspected that data had been scraped because of a bug in the Add Friend feature that was discovered in 2019. Attackers posted that data to a forum last weekend. A post from one of Facebook’s product management director said that “This feature was designed to help people easily find their friends to connect with on our services using their contact lists.” He also mentioned that Facebook is confident that the issue that led to the data scraping does not exist anymore.

However, several regulatory bodies in the European Union may investigate this matter due to it possibly infringing on the General Data Protection Rule which instructs that companies must disclose data breaches within a certain period or incur penalties.

Since the data is now publicly available, it’s likely that attackers can use this information in social engineering attacks, marketing scams and other crimes. Furthermore, users who shared their phone number with Facebook and haven’t changed them since 2019 are advised to be vigilant for spam calls and SMS phishing attacks.[1]

[1] https://threatpost.com/facebook-stolen-data-scraped/165285/

Other resources

Cyber Success Stories

Arcturus cybersecurity consultants work with everyone from public sector bodies and global businesses to SMEs and start-ups. Read our success stories here.
Find out more >

What can Arcturus do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Arcturus Deep Dives

Arcturus cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.

533 Million Facebook Account Details Leaked

Author: Melodie Foster

Date: 9th April 2021

Other resources

Cyber Success Stories

What can Arcturus do for you?

Arcturus Deep Dives

Recent Posts

Recent Comments

Archives

Categories

Meta