Why Is Facebook Not Warning Anyone About The 533 Million User Data Leak?
Due to a software vulnerability, a database containing the personal information of 533 million Facebook users is now circulating on the open internet.
So why isn’t Facebook notifying the people who were affected?
Well, the company hasn’t given a straight answer on the matter, except to emphasize the leaked data comes from an already patched vulnerability.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” the social network said in a statement.
As a result, you’ll have to use a third-party website to find out if you were ensnared. Or you could try downloading the database yourself. The 20GB archive has already been freely circulating on the internet via a torrent for days now, putting affected users at greater risk.
According to Facebook, the vulnerability in question dealt with the company’s contact importer tool. Back in Sept. 2019, Forbes documented the problem. A security researcher uncovered that you could exploit the contact importer tool to type in a random phone number, and find out which Facebook user it’s been associated with.
Facebook points out the social network itself never provided the phone numbers. It also notes once a phone number was matched to a Facebook ID, only a limited amount of already public information on the Facebook user’s account could then be pulled.
Still, it’s clear someone abused the vulnerability to learn the identities behind phone numbers across the globe. The compiled database containing the 533 million users (32 million of whom are based in the US) arranges the data by phone number, Facebook ID, full name, and location. In some cases, it also includes marital status, educational information, email address and employer.
If you’d like to find out whether your data is in the leak, without downloading the 20GB database, you can try two ways. The first involves going to Haveibeenpwned.com, a trusted site that tracks data breaches. It’s received a copy of the Facebook database. Simply enter your email address, and the site will tell you if the address was in the database, an indicator your Facebook account was targeted.
The drawback with Haveibeenpwned.com is that the 20GB database only contains 2,529,621 unique email addresses. That’s about 0.5 percent of all the user records in the archive, according to Troy Hunt, who runs Haveibeenpwned.com. Instead, the database primarily indexes users through phone numbers, which you can’t input on Hunt’s website.
In response, Hunt says he plans on letting users type in their phone number to check whether they were affected. Expect the feature to arrive on Haveibeenpwned.com on Tuesday.
In the meantime, a user named David Johnstone in Australia has also created a website, where you can type in your phone number to determine whether your information is contained in the leaked database. (US users can click here.)
The only problem is that Johnstone’s website, a news aggregator called TheNewsEachDay.com, was only started a month ago, so it’s still working to build up trust. “I knew there was interest in a tool that could check if one’s phone number was in the data so I decided to make it myself because it was easy and I didn’t have anything else to do on the last day of this long weekend,” he told PCMag in an email.
However, typing in your phone number into a random website isn’t exactly the best idea either. What if the same site is logging your information? In response, Johnstone says his website isn’t secretly recording anyone’s phone numbers. (He himself runs a business called Cycling Analytics, a web app for cyclists to analyze their riding.)
“I’m not saving the number or anything like that (but that’s what a person who is saving the numbers would say),” he told PCMag. “I’m not sure how much use there is to collect thousands of phone numbers when creating this tool requires having access to millions of phone numbers with names and other personal information, but it’s hard or impossible to prove my code isn’t doing anything nefarious.”
Another site called HaveIBeenFacebooked.com has also popped up, which allows you to enter your phone number to check whether your account was affected. But again, you’ll have to trust that the site isn’t secretly logging your phone number.
If your personal information was ensnared, then be on guard. By learning your phone number and name, a cybercriminal could come up with ways to try and scam you.