In a major privacy breach, the personal data of nearly 533 million Facebook users from more than 100 countries was allegedly leaked online and posted for free on low-level hacking forums, according to multiple sources. The leaked details include names, gender, occupation, marital status, incorporation date, and users’ workplace.
The database, which was first leaked in 2019, was initially sold on the instant messaging platform Telegram for a fee of $20 per search. Later, Facebook said it had patched the vulnerability that caused the leak. But, in June 2020, and then in January 2021, the same database was leaked again. The vulnerability was the same: it allowed users to look up a person’s number. Alon Gal, co-founder and chief technical officer of cybersecurity firm Hudson Rock, was the first to point this matter out.
In a new Twitter post on Sunday, Gal once again shared the details of the leaked database, which contained the information mentioned above, and said that if someone had a Facebook account, it was highly likely that such details had been leaked. According to the database of the latest alleged leak, details of up to 5.5 million users from Afghanistan, 1.2 million from Australia, 3.8 million from Bangladesh, 8 million from Brazil and 6.1 million from India had been posted for free on various forums.
Facebook did not respond to an email seeking comment on the alleged database that was released for free. The Sunday Express was able to independently verify some of the data in the latest database.
This is the second such case in 10 days in India where claims from a leaked company user database have resurfaced. Earlier this week on Tuesday, details of up to 10 million users of Gurgaon-based mobile payment and digital wallet company MobiKwik were reportedly leaked and sold on the darkweb.
As is the case with the latest Facebook data dump, the MobiKwik dataset had also been in the public domain for over a month. The issue gained prominence on Monday after the so-called data dump was said to have been posted for sale on the darkweb. Later, a link with a search bar, where anyone could check whether their phone number, email address and other details were present in the data dump, was available on the darknet.
India does not have a robust mechanism for the protection of user data and criminal prosecution, if any, in cases of data breaches. The Personal Data Protection Bill, which is said to contain provisions dealing with the same, has been pending in the Lok Sabha since 2019.
A Joint Parliamentary Committee, which was initially supposed to report on the bill by March, has requested an extension until the first week of Parliament’s monsoon session. In the absence of the bill, the Information Technology Act of 2000 and the rules drawn up in 2011 form a data protection regime, which various experts have said is inadequate.