The next online privacy breach was always inevitable. With the majority of the country under stay-at-home orders in the midst of the pandemic, social media sites like Facebook are used as a primary source of communication between friends and family. The more personal information available online, the higher the risk to users’ privacy.
This past week, Cyble, a cybersecurity intelligence firm, discovered that 309 million Facebook user profiles were listed for sale on the Dark Web. The company purchased the database for £500 or USD $540, a ridiculously small price for Facebook users’ unique IDs.
The records contained full names, email addresses, phone numbers, relationship status, age, and timestamps of past connections to Facebook. While no passwords were exposed, the data is more than enough to launch spear-phishing campaigns via texting or email. Scammers could trick victims into handing over other confidential information under the pretense of familiarity. They know your name and contact info, so surely they’re legit, right?
Cyble hasn’t confirmed how the breach happened; however, it’s speculated that the records may have been collected by “scraping” users’ publicly shared data, or alternatively that hackers targeted Facebook’s third-party developer API, which had access to user IDs.
In the past, Facebook risked user privacy by selling data to third-party app developers for alleged marketing purposes. This most recent incident is more sinister in nature.
Protecting your data depends on your account passwords, not only on Facebook, but across all online accounts. Each account should have a unique password, as a data breach on one website can put all accounts using the same password at risk. For those having difficulty managing complex passwords, Komando has listed helpful tips here.
Additionally, Facebook accounts can be secured with two-factor authentication (Settings > Security and login). In the event credentials are hacked, a 2FA system will keep your account from being hijacked.