The recent Facebook data breach is believed to have compromised the personal data of million users worldwide.
The claimed Facebook data breach reportedly involves the personal details of 6 million users in India, according to a country-by-country breakdown.
The leaked data dump of Facebook users contains phone numbers, full names, places, addresses, and other information. Security researchers have cautioned that it may be used to commit fraud by impersonating a person.
Exposing Data Breach
In a series of tweets, Alon Gal, CTO of cybercrime intelligence company Hudson Rock, outlined the data breach, which is said to have exposed the personal details of nearly 533 million users. “This means that if you have a Facebook account, the phone number used for the account has most likely been leaked,” Gal wrote in a tweet.
It’s worth noting that the alleged Facebook data leak is not new one. Gal announced in January that a vulnerability that allowed anyone to see the phone number associated with every Facebook account had been exploited. He went on to say that it was seriously under-reported, and that the database had become even more concerning as a result.
He reported that a user developed a Telegram bot that allowed users to query the database for a small fee, allowing them to find the phone numbers associated with a large number of Facebook accounts.
According to Gal, the data breach includes contact numbers, Facebook ID, full name, current location, previous location, birth date, email address (in some cases), account formation date, relationship status, and bio. Gal added that “Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,”
Damage Control
In response to data breach allegations, a Facebook spokesperson said, “This is old data that was previously reported in 2019. We found and fixed this issue in August 2019.” The data breach story was first published by Business Insider, which cites Gal and adds that the very least Facebook can do is alert affected users.
A Brief Conclusion
In light of recent data breach, India urgently requires a framework to prosecute businesses who fail to properly manage users data. To deal with such situations, the country needs a clear legal structure. Last week, information on MobiKwik digital wallet app users was allegedly leaked, with data on crores of users being made public.