First reported by Business Insider, personal information of more than 500 million Facebook users has been discovered in a forum on the dark web. The information, which spans users from at least 106 countries, includes phone numbers, Facebook log-in IDs, full names, locations, birthdays, and email addresses.
Alon Gal, the chief technology officer of cyber intelligence firm Hudson Rock, discovered the leaked data on Saturday. “A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks [or] hacking attempts,” Gal told Business Insider.
The bulk of the leaked data stems from a 2019 vulnerability which Facebook fixed immediately. This is significant, because it proves that once information is leaked, it can be nearly impossible to expunge from the web, even for a giant like Facebook.
No matter how strong your company’s cyber defense, you are vulnerable to third party breaches. For example, if one of your employees has used their business email address when signing up for Facebook, it may have been leaked in this data set. Similar leaks have impacted LinkedIn, Canva, and countless other companies used extensively by American businesses.
ou may be wondering… if hackers only get your email address, name, and phone number, can they really execute successful cyber attacks? Unfortunately, the answer is yes.
The most common attack stemming from data leaks is email or phone-based social engineering. Armed with thousands (or in this case, millions) of real email addresses, hackers send out phishing emails in bulk, hoping that you or your employees click on the malicious links in their messages. Once clicked, these links can lead to malware being embedded in your network.
As usual, the best solution is prevention. Contact your insurance broker today!
Related: Dark Web Scanner FAQs