What really caused the leakage of Facebook’s 500M user data?



Since Saturday, a large trove of Facebook data has been circulating publicly, with information about 533 million Facebook users spread across the internet. The data includes profile names, Facebook ID numbers, email addresses and phone numbers. This is all information that may already have been leaked or scraped from other sources, but it is yet another resource that links all of that data together and ties it to each victim, handing spammers and phishers a tidy profile on a silver platter.

Facebook’s initial response was simply that the data had previously been reported on in 2019 and that the company patched the underlying vulnerability in August of that year. Old news. But a closer look at exactly where this data came from produces a murkier picture. In fact, the data originally appeared on the criminal dark web in 2019. It comes from a Facebook breach whose details the company did not disclose in any significant way at the time. It was only fully acknowledged on Tuesday night, in a blog post attributed to product management director Mike Clark.

One of the reasons for this confusion is that Facebook has had many breaches and exposures from which this data could have originated. Was it the 540 million records exposed by a third party and disclosed by the security company UpGuard in April 2019, including Facebook IDs, comments, likes, and reaction data? Or the 419 million Facebook user records (including hundreds of millions of phone numbers, names and Facebook IDs) scraped from the social network by bad actors before Facebook's 2018 policy change, which were publicly exposed and reported by TechCrunch in September 2019? Is it related to the Cambridge Analytica third-party data sharing scandal of 2018? Or is it related to the large-scale Facebook data breach of 2018, which compromised access tokens and almost all personal data from approximately 30 million users?

In fact, the answer appears to be none of the above. As Facebook finally explained in background comments to WIRED and in its blog post on Tuesday, the 533 million records that recently became public are an entirely different data set, one that attackers created by abusing a flaw in Facebook's address book contact import feature. Facebook said it fixed the vulnerability in August 2019, but it is not clear how many times the vulnerability was exploited before then. The information on more than 500 million Facebook users from 106 countries/regions includes Facebook IDs, phone numbers, and other information about early Facebook users such as Mark Zuckerberg, as well as US Secretary of Transportation Pete Buttigieg and EU Data Protection Commissioner Didier Reynders. Other victims include 61 people who listed "Federal Trade Commission" and 651 people who listed "Attorney General" in their details on Facebook.

You can check whether your phone number or email address was exposed in the leak by checking the breach tracking website HaveIBeenPwned. For the service, founder Troy Hunt reconciled and ingested two different versions of the data set that were circulating.

Hunt said: “When it comes to the organization’s information vacuum, everyone will guess and it will cause confusion.”

The closest Facebook previously came to acknowledging the source of this breach was a comment in a news article in the fall of 2019. In September of that year, Forbes reported a related vulnerability in Instagram’s mechanism for importing contacts. Instagram mistakenly exposed users' names, phone numbers, Instagram handles and account ID numbers. At the time, Facebook told the researchers who discovered the vulnerability that the Facebook security team “has been aware of the problem due to internal discoveries.” A spokesperson told Forbes at the time, “We have changed the contact importer on Instagram to help prevent potential abuse. We thank the researchers who raised this issue.” Forbes pointed out in its September 2019 story that there was no evidence that the vulnerability had been exploited, but also no evidence that it had not been.

