Facebook Exploit – Cybersecurity Advisory

April 2021: CyberHoot received notification of a hacking forum publishing the stolen phone numbers and personal data of 533 million Facebook users. The data was initially part of a breach back in 2019 and has now been made available online to anyone seeking to research people, potentially to target and attack someone, for free.

What Data Was Exploited?

The exposed data includes the personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. The Facebook user’s personal information includes their phone number, email address/Facebook ID, full name, post locations, birthdate, and profile bio.

How Critical Is This Data?

VERY Critical. If you’ve been affected by the breach, it’s important to understand what data was exposed and where that data is used to authenticate you (such as your birthdate when receiving medical treatment).  Many Facebook bios contain a gold mine of personal information.  The more data in your bio the easier it is for hackers to target you with a Spear-Phishing campaign.

Who’s Been Affected?

General Public

The best way to find out if you’ve been affected by this breach is to head to CyberHoot.com (our homepage), enter your email address on your first query, then your phone number on a second query. You may choose to view the report immediately or have it emailed to yourself.  Both reports will list all the Dark Web exposures CyberHoot knows about related to your email and phone number and does now include the Facebook breach data points. Keep in mind only 32 million US accounts were exposed out of 221 million US users). CyberHoot’s report will provide helpful tips such as ways to improve your password security through strong passwords and Password Managers.

CyberHoot Administrators

If you’re a CyberHoot administrator, you can view updated Dark Web exposure data for your users each Monday. This Facebook breach is now found in your Dark Web reports.  Keep in mind that many of your users register personal email addresses for Facebook, but that CyberHoot only uses work email to find exposures. You may wish to alert your staff to have them check their personal emails and phone numbers on CyberHoot’s homepage.

What Can and Should We Do?

CyberHoot has three recommendations for everyone, not just people whose data was stolen here and exposed online.  First, limit the data you place on social media.  Second, do not accept friend requests from people you don’t know personally. They may be fake accounts.  Finally, enable two-factor authentication into your Facebook and Linked In accounts.

1. Limit Social Media Public (and Private) Info

Even if your email address or phone number wasn’t found in the database related to Facebook or other breaches, now’s the time to review your public information and perhaps begin to limit what you publish. Whether you see exposures or not, it is likely time to change your password to a complex and unique 14+ character password or passphrase and store it within a Password Manager. Good for you, if you’ve already done this based upon previous recommendations from CyberHoot.

2. Do Not Accept Every Invitation to Connect

Building your network of contacts on social media is important, but not at the expense of your safety and security. Fake profiles are a scourge of social media and dating websites.  Accepting invitations from people you don’t know directly, allows them to craft purpose-built and convincing spear-phishing attacks against you.  Only accept connections from people you know or were directly introduced to by a friend or colleague.

3. Enable Two-Factor Authentication

It’s also a great time to implement or enable Two-Factor Authentication on your Facebook account and any other accounts containing sensitive information about you (PayPal, Linked In etc.). 2FA makes it very very difficult for hackers to exploit your accounts and steal your data.

What Does This Mean?

While the data is a couple of years old, the leaked data is valuable to hackers who use people’s personal information to impersonate them, committing Identity Theft. Cybercriminals also scam users through Spear-Phishing Attacks into handing over login credentials, according to Alon Gal, the chief technology officer of the cybercrime intelligence firm Hudson Rock, who discovered the leaked data.

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks [or] hacking attempts”

Alon Gal, Hudson Rock

CyberHoot FaceBook Attack Summary:

Trend Micro Explains Social Media Attacks:

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.