533 million Facebook profiles

As you're probably aware, recently a vast trove of Facebook profiles totaling 533 million in all, wound up on a hacker forum. The company was initially silent about the issue, but the company has now released a statement about the matter. Unfortunately, that statement isn't terribly reassuring.

The good news, if you can call it that, is that the company reassured its users and investors that it wasn't hacked.

The bad and unsettling news is that Facebook says the hackers simply scraped the profile information from their website. The company stressed that the system itself was not breached, but rather, that the hackers used a large set of phone numbers linked to the profiles they ultimately made off with.

Based on a review of a sample of the data, nearly every record published to the hacking forum contained that user's cell number, Facebook ID, name, and gender. While that's not sufficient to outright steal someone's identity, it represents an excellent start from a hacker's perspective.

 

Facebook's statement

"This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services." 

"As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists."

A deeper look into the matter reveals that the 'specific issue' in question that allowed the massive data leak was a feature called 'Contact Importer' that ostensibly made it easier for friends to find one another on the platform. As it turns out, hackers quickly learned they could abuse the feature and Facebook ultimately pulled the plug on it, but of course, not before the hackers made off with hundreds of millions of user profiles.

 

My perspective

Independent security researchers around the world were less than impressed by the company's delayed, and somewhat lackluster response. In trying to paint the issue as being old news, they completely miss the point. More than half a billion of their users saw their data compromised because of a feature the company itself introduced and then later deactivated, when its potential for abuse came to light. For a company as enormous as Facebook, it's not a good look.

 

~ As Ricky Ricardo might say - "Lucy, you got some 'splaining to do" ~

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide small business technology education programs.

 

Contact me if you would like me to speak to your association