Cybersecurity experts provide insight below on the latest Facebook data breach, in which the phone numbers of 533 million Facebook users were leaked to an online forum, as originally tweeted by Alon Gal, CTO of security firm Hudson Rock.

https://twitter.com/UnderTheBreach/status/1349671294808285184

Expert Comments

April 06, 2021
Paul Martini
CEO
iboss


Industry research has found that the majority of employers have expressed concerns about how social media poses a cybersecurity risk to their networks. With almost 4 billion people on social media platforms, this is certainly a valid concern. While most people consider these platforms as a way to connect or reconnect with friends and family, they hold a lot of personal information about each user. In the wrong hands, this information can have far-reaching impacts at organizations of all sizes, both in the public and private sectors. Phone numbers, email addresses and other personally identifiable information found on these sites are a gold mine for threat actors looking to launch spear-phishing or other social engineering campaigns. Organizations should take this as an opportunity to remind their teams about cyber hygiene best practices, such as changing passwords frequently and taking extreme caution before clicking any link in an email.

April 08, 2021
Adam Enterkin
SVP, EMEA
BlackBerry


As the price of personal data climbs, breaches of any size - let alone half a billion users - should no longer be tolerated. Organisations have full responsibility for the data stolen; even seemingly low-stakes data can be used to exploit customers.

 

Organisations must not forget that all personal data in their care is equally valuable. If you collect it, protect it. It is imperative to ensure that appropriate security controls are implemented to keep all data safe from inappropriate or unauthorised access.

 

Additionally, while it’s possible to have security without privacy, it’s impossible to have privacy without security. Privacy is about the ethical and responsible handling of personal data. This is why security is an integral part of ensuring that transparency of privacy practices can be achieved.

April 07, 2021
Jacinta Tobin
Vice President of Cloudmark Operations
Proofpoint


The online leak of personal information will undoubtedly result in a marked increase in smishing attacks. It’s a trend we’ve seen continue to grow, especially during the pandemic, with smishing messages already increasing by 300% each quarter over the past 12 months. And while the attackers are primarily targeting consumers, we have noticed a concerning rise in attacks on organisations as well, with over 81% reporting an attack in 2020. 

 

These text message mobile scams often use fraudulent branding combined with urgency and a request that a user clicks a malicious link. Consumers trust mobile messaging, and they are much more likely to read and access links contained in text than those in email. This level of trust paired with the reach of mobile devices makes the mobile channel ripe for fraud and identity theft. To combat these attacks, we recommend that users first ensure they are on the Do Not Call Registry and re-confirm their entry even if they believe that they previously signed up, as the registry also applies to text messages. In addition, we encourage mobile users to use the spam reporting feature in their messaging client if it has one.

 

Consumers need to be very sceptical of mobile messages that come from unknown sources. And it's important to never click on links in text messages, no matter how realistic they look. If you want to contact the purported vendor sending you a link, do so directly through their website and always manually enter the web address/URL. For offer codes, type them directly into the site as well. It's also vital that you don't respond to strange texts or texts from unknown sources. Doing so will often confirm you're a real person to future scammers.

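The smishing pattern described in the comment above (fraudulent branding, urgency, a link, a request to reply, an ordinary mobile number as sender) can be turned into a simple scoring rule. The following is an added example, not code from the original page or from Proofpoint; the brand list, urgency phrases, shortener hosts, scoring weights and sample messages are all constructed for illustration.

```python
"""
Heuristic smishing scorer run over constructed sample SMS messages.
Added example, not tooling from the page or from Proofpoint; every list
and sample below is an assumption made for illustration.
"""
import re
from dataclasses import dataclass, field

# Assumed brands commonly impersonated in smishing lures (constructed list).
IMPERSONATED_BRANDS = ("facebook", "royal mail", "hmrc", "paypal", "dhl")

# Urgency cues of the kind the comment describes (constructed list).
URGENCY_PHRASES = (
    "immediately", "within 24 hours", "suspended", "locked", "final notice",
    "act now", "verify your", "unusual activity",
)

# URL shorteners hide the real destination from the recipient (constructed list).
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}

URL_RE = re.compile(r"(?:https?://|www\.)\S+|\b[a-z0-9-]+\.[a-z]{2,}/\S*", re.I)
LONG_NUMBER_RE = re.compile(r"\+?\d{10,15}")

FLAG_THRESHOLD = 5  # assumed cut-off; tune against real traffic


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def likely_smishing(self) -> bool:
        return self.score >= FLAG_THRESHOLD


def host_of(url: str) -> str:
    """Return the bare host of a URL found in message text."""
    u = re.sub(r"^https?://", "", url.lower())
    u = re.sub(r"^www\.", "", u)
    return u.split("/")[0].split("?")[0]


def named_brand(text_lower: str):
    """First impersonable brand mentioned in the text, or None."""
    for brand in IMPERSONATED_BRANDS:
        if brand in text_lower:
            return brand
    return None


def score_sms(sender: str, text: str) -> Verdict:
    v = Verdict()
    lower = text.lower()
    brand = named_brand(lower)

    for url in URL_RE.findall(text):
        host = host_of(url)
        v.score += 2
        v.reasons.append(f"contains link to {host}")
        if host in SHORTENER_HOSTS:
            v.score += 2
            v.reasons.append("link uses a URL shortener")
        # Brand named in the text but the link does not go to that brand's domain.
        if brand and brand.replace(" ", "") not in host:
            v.score += 3
            v.reasons.append(f"names {brand} but links elsewhere")

    urgency = [p for p in URGENCY_PHRASES if p in lower]
    if urgency:
        v.score += len(urgency)
        v.reasons.append("urgency: " + ", ".join(urgency))

    # Replying confirms a live number to the sender.
    if brand and re.search(r"\breply\b", lower):
        v.score += 2
        v.reasons.append(f"asks for a reply on behalf of {brand}")

    # Ordinary long-code mobile numbers are cheap and disposable for attackers.
    if LONG_NUMBER_RE.fullmatch(sender):
        v.score += 1
        v.reasons.append("sent from an ordinary mobile number, not a short code")
    return v


# Constructed sample messages: (sender, text).
SAMPLES = [
    ("+447700900123", "Facebook: Your account has been locked due to unusual activity. "
                      "Verify your identity within 24 hours at http://bit.ly/fb-secure"),
    ("DHL", "Your DHL parcel is out for delivery today. Track at https://www.dhl.com/track?id=123"),
    ("+447700900789", "HMRC: Unusual activity on your tax account. Reply YES immediately to avoid suspension"),
    ("+447700900456", "Hey, are we still on for 7pm? Call me"),
]


def triage(samples=SAMPLES):
    """Score each sample; returns [(sender, score, likely_smishing)]."""
    return [(s, score_sms(s, t).score, score_sms(s, t).likely_smishing) for s, t in samples]


if __name__ == "__main__":
    for sender, text in SAMPLES:
        v = score_sms(sender, text)
        flag = "SMISHING?" if v.likely_smishing else "ok"
        print(f"{flag:10} score={v.score:2} from={sender}: {'; '.join(v.reasons) or 'no indicators'}")
```

The brand/host mismatch rule carries the most weight because it encodes the advice in the comment: a message that names a vendor but links to a shortener or unrelated domain is the case where "go to the vendor's site directly" matters most. Keyword lists like these are easy for attackers to evade, so in practice they are one signal among several rather than a verdict on their own.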
April 07, 2021
Dmitry Galov
Security Expert
Kaspersky


It would not be surprising if attackers were seen using the information obtained from the breach in targeted phishing attacks, whereby attackers send malicious emails that appear to come from a trusted sender, for example, from the email address of your Facebook friend. Attackers could also use the information to impersonate the person whose data was breached. In order to stay safe from scammers who may be exploiting this data, take extra precaution when you receive emails that seem strange—even if they appear to come from someone you trust. Never click on any links or attachments inside emails and always check for strange grammar/spelling errors (a sign that the email is not from the person it claims to be). To protect your personal information online, the best thing you can do is limit the types of information you share on social media platforms. Kaspersky's free Privacy Checker tool can help you configure your social media accounts' privacy settings to provide the appropriate level of security.

April 07, 2021
Jake Moore
Cybersecurity Specialist
ESET


With millions of UK accounts caught up in this breach, it would be a good idea to check your email address by heading to Have I Been Pwned to check this and other breaches for compromises. Unique passwords are vital and corporate mistakes such as this prove how easily personal data can be stolen and used against their victims. Identity theft can be very simple with small amounts of stolen personal data, so victims must be vigilant of follow-up phishing emails. Furthermore, two-factor authentication is an important extra layer of protection for all accounts and helps keep threat actors from gaining entry to vulnerable or exposed accounts.

April 06, 2021
Garret F. Grajek
CEO
YouAttest


What is easy to miss when we see a breach of this magnitude of a global corporation is that the hackers are NOT targeting the large brand names like Facebook. There is no question that Advanced Persistent Threat (APT) hacks are devised and targeted at the "brass ring" enterprises like Facebook - but we have to remember that the hackers are running scans across all of our systems.

 

To this end, we all have to be diligent that we are monitoring our system and implementing best practices. As the Cyber Kill Chain details, hackers will be executing reconnaissance on our systems and enumerating our assets. Once this occurs, the hacker will then penetrate our systems and attempt lateral movement and privilege escalation. It is in these steps where a comprehensive and updated identity governance practice can spot an attacker who is attempting to change account privileges to enable the compromised accounts to move around the enterprise, find crucial PII/PHI data, and then exfiltrate it.

 

Products and practices that can identify and then alert the enterprise about account breaches are crucial to meeting not only compliance, but to achieving enterprise security.

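The comment above says an identity governance practice can catch an attacker changing account privileges during lateral movement and privilege escalation. The following is an added example of what such a check looks like in code, not code from the original page or from YouAttest; the audit-event schema, role names, user names and the approved-entitlement baseline are assumptions constructed for illustration.

```python
"""
Toy identity-governance check: replays constructed directory audit events
against an approved-entitlement baseline and flags privilege grants that
the access-request process never approved. Added example; the schema,
roles, users and baseline below are assumptions, not any vendor's format.
"""
from collections import defaultdict

PRIVILEGED_ROLES = {"Domain Admins", "Global Administrator", "DB Owner"}

# Constructed baseline: (user, role) pairs approved through access review.
APPROVED = {
    ("alice", "Domain Admins"),
    ("svc-backup", "DB Owner"),
}

# Constructed: the only accounts expected to provision roles at all.
PROVISIONERS = {"alice", "iam-provisioner"}

# Constructed audit events in a hypothetical normalised form.
EVENTS = [
    {"ts": "2021-04-06T09:01:00Z", "actor": "iam-provisioner", "action": "role_grant",
     "target": "alice", "role": "Domain Admins"},
    {"ts": "2021-04-06T09:05:00Z", "actor": "alice", "action": "role_grant",
     "target": "bob", "role": "Global Administrator"},
    {"ts": "2021-04-06T23:41:00Z", "actor": "bob", "action": "role_grant",
     "target": "bob", "role": "Domain Admins"},
    {"ts": "2021-04-06T23:43:00Z", "actor": "bob", "action": "role_grant",
     "target": "svc-web", "role": "DB Owner"},
    {"ts": "2021-04-07T08:00:00Z", "actor": "iam-provisioner", "action": "role_revoke",
     "target": "bob", "role": "Domain Admins"},
]


def evaluate(events=EVENTS, approved=APPROVED, provisioners=PROVISIONERS):
    """Replay grants and revokes; return (alerts, current role state)."""
    alerts = []
    state = defaultdict(set)  # user -> roles currently held
    for e in events:
        if e["action"] == "role_revoke":
            state[e["target"]].discard(e["role"])
            continue
        if e["action"] != "role_grant":
            continue
        reasons = []
        # An account elevating itself is the classic escalation signal.
        if e["actor"] == e["target"]:
            reasons.append("self-grant")
        # Grants must originate from a provisioning identity.
        if e["actor"] not in provisioners:
            reasons.append(f"{e['actor']} is not an approved provisioner")
        # Privileged roles need an approval on record for that specific user.
        if e["role"] in PRIVILEGED_ROLES and (e["target"], e["role"]) not in approved:
            reasons.append(f"{e['role']} for {e['target']} has no approval on record")
        state[e["target"]].add(e["role"])
        if reasons:
            alerts.append({"ts": e["ts"], "actor": e["actor"], "target": e["target"],
                           "role": e["role"], "reasons": reasons})
    return alerts, {u: sorted(r) for u, r in state.items() if r}


def unapproved_holders(state, approved=APPROVED):
    """Privileged roles held right now without an approval record (sorted)."""
    return sorted(
        (u, r) for u, roles in state.items() for r in roles
        if r in PRIVILEGED_ROLES and (u, r) not in approved
    )


if __name__ == "__main__":
    alerts, state = evaluate()
    for a in alerts:
        print(f"{a['ts']} {a['actor']} -> {a['target']} {a['role']}: {'; '.join(a['reasons'])}")
    print("drift from baseline:", unapproved_holders(state))
```

Two things are worth noting in the design. The replay keeps current state, so a revocation later in the log removes the role but does not remove the alert that the grant itself was unapproved; the attacker's window still happened. And the baseline comparison at the end (`unapproved_holders`) is the periodic access-review view, which catches entitlements that slipped through when no alert fired at grant time.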
April 06, 2021
Saryu Nayyar
CEO
Gurucul


This is a huge blow to Facebook. Leaking the personal data of 533 million Facebook users is a data breach of massive significance and consequence. The fines alone could literally cripple the company.

 

11 million of the users whose data was exposed are in the UK. Under GDPR penalties, Facebook faces a maximum fine of £17.5 million or up to 4% of their total 2020 global turnover - whichever is higher. The UK fine alone could set Facebook back $3.4 Billion.

 

Further, over 32 million records are US users. The California Attorney General can seek civil penalties of $2,500 per violation of the CCPA (California Privacy Protection Agency). So, depending on how many of those users are in California, Facebook could be looking at additional fines in the billions.

 

All in all, a very bad situation for Facebook and as usual, completely avoidable. The data breach occurred because of a vulnerability that the company patched in 2019. Facebook obviously needs to improve the company's maintenance processes to reduce risks from known vulnerabilities.
