Archives for April 4, 2021

Half a Billion (with a ‘B’) is Facebook’s Largest User Account Leak

Sometimes you have to be called into the chair at a moment’s notice. Facebook’s largest ever data breach happened over the weekend and Mark Starling is on the case for First News 570 listeners.

First, don’t panic.

Second, this leak comes from a breach Facebook encountered in 2019. The actual breach came from a vulnerability that gave hackers the ability to scrape user account details from the website. Facebook patched this vulnerability after it occurred in 2019. The data has been available in hacker groups for the last two years, but it wasn’t until last week that the data was made available for virtually free. Well, not for free, but $2.19.

Third, find out if you’re a victim by checking your email address at Have I Been Pwned?

(My email isn’t in this specific breach. It’s in others though.)

Facebook hasn’t come out with too many details concerning the breach other than, “why are you bringing up old stuff,” and it’s been patched.

The breach is massive, and global in scale.

Only (ONLY?!) 32 million account records are in the breach, 11 million from the UK, 6 from India, and others from elsewhere. The records contain names, addresses, phone numbers, and other personally identifiable data. The breach also contains…passwords. These passwords were tested by journalists at Business Insider by matching the user account names with the stolen passwords.

Other Tips

Some people may look at these breaches with a yawn, but if you are concerned, now might be a good time to change your Facebook and other social media account passwords. If the burden for keeping track of all of this information is too much, you may want to consider an online vault like 1Password.

Real Talk

Breaches have become a common occurrence. In most cases the breaches are because of negligent behavior on the service you are using due to keeping databases open to the public or keeping the default passwords for services in use. It’s good practice to follow these steps to enhance your security:

  1. Change your passwords regularly.
  2. Reduce the amount of PII you share on social media sites. Or any site for that matter.
  3. Use Two Factor Authentication (2FA or MFA) when you can. Two factor authenticator uses a password and a text or email delivered code to ensure you are who you are at the time you login.