Massive Facebook Hack - And Facebook Tried to Hide It! :(

Digerati

Just another example why folks need to dump Facebook and other social media outlets.

Facebook Leaked the Data of 533 Million Users and Didn’t Tell Anyone

A massive data set that includes the personal information of 533 million global Facebook users has been leaked and is widely circulating online. The data, which includes user phone numbers, email addresses, physical addresses, account creation dates, relationship status, and more, was being freely traded in hacker forums over the weekend.

Note the vulnerability was first discovered and apparently exploited back in 2019! But Facebook decided not to tell its users. :mad:

When confronted,
Facebook executives have said that the data is from 2019 and is therefore “old.” What they don’t grapple with is the fact that phone numbers and email addresses don’t change that often.

Probably too late now, but change your passwords. Make them strong and unique. And purge any personal information you can.
 
https://haveibeenpwned.com/ has been updated for this data breach.

It's now also possible to search for compromised phone numbers for this particular Facebook data breach in HaveIBeenPwned.

Format to use when searching a phone number: <country code><phone number>, e.g. 31612345678.
A few remarks on this:
- with 06-phone numbers, the first zero should be omitted
- the '+' in the country code is not a requirement but can be included as well.

I have tested the above for accuracy; I've been a victim of this as well. :(
 
Pwned email addresses have never bothered me. I figure I have had mine for so many years and given it out so many times, it would be odd for it to not be "out there".

Phone numbers and other personal information would bother me. Fortunately, HaveIBeenPwned did not find I've been compromised there.
 
The bug was patched about a month or so after being discovered by Facebook back in 2019. I heard that the data stolen from Facebook was sold on an underground forum for $4?! Wasn't the vulnerability based upon allowing people to search for friends based on their phone number?

I'm not sure how true this is; however, I've seen bug bounty hunters post that Facebook have apparently refused to patch bugs in the past because they were considered "features".
 
I don't know any of the particulars on the vulnerability in this case. Don't really care.

I only know what has been disclosed about it in the last couple days. And that is, among other things,
  • Over 1/2 billion user accounts were compromised in one way or another by bad guys.
  • Facebook has known about the hack since 2019.
  • Facebook decided not to inform the affected users.
  • Facebook execs are currently trying to rationalize not telling the users back then by claiming the compromised data is now "old data".
  • Facebook execs are ignoring the fact that most users still have the same phone number and email account today as they did back then. That is, that "old data" is still "current" and pertinent data.
 
You think he is still using that same phone number? I sure doubt it. I also doubt he went through all the hassles, did all the legwork, and endured all the stress to switch to a different number too. A process that includes the tedious task of informing all one's personal contacts of the new number. No doubt, his personal assistant/secretary did it for him - likely just handing him a new phone at the end of the day that was all set up and ready to go. My point being, he likely does not know or really understand what a PITA and waste of time it is dealing with the consequences of having your personal information compromised.

I congratulate him for his success in life. I really do. I am not criticizing him for being super rich and able to afford to isolate himself from and to avoid such hassles. I just wish he and some (not all, but some) like him hadn't lost sight of what it's like to have to personally deal with our own personal problems.
 
If you are from the US: Data Breach Notification Laws by State | IT Governance USA.

In the UK: Personal data breaches.

Not that laws apply to these guys.
I've used this before and again today. As soon as I enter my e-mail I think, now these assholes have my email. ;) It does however give some peace of mind with eliminating the unknown.
 
Furthermore, if one of the richest men in the US/World decides to go with a covert app, why not an equally covert name like maybe Batman?
 
I wonder why I still live in Nebraska. They have some of the worst tax laws in the country - especially against the retired and elderly. Scroll down to the map of the US here, and the dark red state in the middle, that's Nebraska and it's one of the worst because of poor leadership (Pete Ricketts of the billionaire family who founded Ameritrade), and yes, this guy who always tells the truth. :rolleyes:

Nebraska's Data Breach Notification law has this nice little clause,
  • Notice must be made without unreasonable delay, unless an investigation determines it is unlikely the personal information will be used for unauthorized purposes.
And who gets to do the investigation and decide if the hacked personal information is likely or unlikely to be used for unauthorized purposes? The hacked company - the same company that was entrusted to protect that data. The fox. This one.
 
