Data Leak Overview
Personal details of 533 million users from 106 countries are included in the publicly available leaked data. The database was first leaked in 2019 via Telegram, a messaging network. However, it could not be accessed openly at the time: anyone who wanted to use it had to pay a $20 fee per search. Facebook has since announced that the breach has been resolved by patching the flaw that triggered the leak. This claim by Facebook is unlikely to be right, as the same database surfaced in June 2020. Anyone with access to the database could look up a user’s phone number in this breach.
Alon Gal, the co-founder and CTO of cybersecurity company Hudson Rock, was the first to announce the data breach on Facebook. Mr. Gal said that if anyone had a Facebook account, his or her information was most likely leaked. There are 5.5 lakh users from Afghanistan, 1.2 million from Australia, 3.8 million from Bangladesh, 8 million from Brazil, and 6.1 million from India in the database. India was also hit by a huge KYC dump leak of Mobikwik users just a few days ago.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts” – Alon Gal
Context of Nepali Facebook users
Nepal, thankfully, is not on the list of countries impacted by the Facebook data breach. However, you can verify whether or not your information has been leaked by using your email address on Have I Been Pwned.
How to Prevent Data Breach
A data breach is usually thought to be the work of a technically skilled hacker. This isn’t always the case, however. Data breaches may also occur as a result of a company’s or an individual’s negligence. Even a small overlooked flaw, error, or weakness can result in a data breach, so it’s critical to realize that even the tiniest weakness can lead to a major one. Here are a few best practices for preventing a data breach in your company:
- Update and patch the applications on your computer or phone regularly to the most current version available.
- Limit who has access to the most confidential information. Only a few carefully selected individuals should have access to such sensitive information.
- Encrypt all confidential data with strong encryption.
- Give all staff cybersecurity awareness training. Such training helps companies avoid socially engineered attacks.
- Enforce BYOD security measures, such as requiring all devices to use a commercial-grade VPN and antivirus protection.
- Develop a cyber breach response plan, since a cyber breach can happen at any moment.
- Promote strong passwords and multi-factor authentication to encourage better user cybersecurity practices. Similarly, encourage consumers to use password managers.
For a long time, Facebook users have entrusted their personal information to the social media platform. Perhaps it was our naiveté that led us to assume that our personal data was safer and more private than it really was. However, following the recent Facebook data breach, users are beginning to question Facebook’s ability to protect our sensitive data. If the company does not take appropriate measures to protect users’ data quickly, it will damage the company’s reputation.