Millions of Facebook Accounts on Display on the Dark Web

 Facebook’s many data breaches have far-reaching effects. This past week, a security researcher found more than 533 million Facebook accounts on display on the dark web for all to see.

What Happened?

Hudson Rock’s Chief Technology Officer, Alon Gal, reported that he found 533 million Facebook records online in a dark web forum last week. The records come from accounts in 106 countries and exposed the users’ Facebook ID, name, phone number, location, past locations, birthdate, email address, account creation date, relationship status, and profile information entered by the account owners.

Gal tweeted last week that “Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.”

Facebook responded through the Associated Press with “This is old data that was previously reported on in 2019,” Facebook reportedly said. “We found and fixed this issue in August 2019.” They could not be reached for a live comment about this issue.

The problem with Facebook’s response is that although the security issue may be fixed, the exposed data puts users at risk of identity theft and fraud for years to come. It won’t fix the problem. The data is already out there, and new scammers will continue to try and use it in phishing and other fraudulent campaigns against those 533 million users.

According to Data Breach Today, “Gal first spotted the database earlier this year when he noticed that a malicious actor had created and was advertising a Telegram bot that allowed a person to search the database and find phone numbers linked to accounts, but it was not open at that time.” Unfortunately, the database is now available for use for free.

Other reports claim that the data is old news, but the fact remains, most users keep the same email address and phone number, and their birth dates aren’t going to change, so it’s not old news if their information is making the rounds again with hackers.

The 2019 Facebook Data Breach Responsible for It

Data Breach Today explains that “In 2018, 30 million Facebook accounts were breached, with 14 million accounts suffering an extensive amount of detail compromised. This information included the account holder’s 15 most recent searches, the last ten places they checked into, and the device types used to access Facebook. For another 15 million account holders, the hackers accessed only name and contact details - phone number, email address, or both. The attackers did not gain access to any information for another 1 million people whose accounts were affected (see:  Facebook Clarifies Extent of Data Breach ).”

How Users Can Stay Safe After a Social Media Data Breach

It’s impossible to avoid being part of the many social media data breaches occurring every year. However, as a user, you can take steps to protect your identity and cover yourself against fraud. If your information was involved in a social media data breach:

• Sign up for identity theft monitoring and let the experts watch your back 24/7.
• Change all your social media passwords. Only use long, strong passwords and never reuse them on multiple accounts. 
• Button-up the security settings on all your social media accounts.
• Be very watchful for phishing emails and scam phone calls.
• Never click links in email or text unless you know exactly who it came from. 
• Stay on top of the latest scams and breaches and fraud techniques.
• Never download software from untrusted sources.
• Keep all your devices updated with the latest security patches.
• Install and use good, robust antivirus software. 
• Use common sense; if something appears to be “too good to be true,” it probably is.