{"id":3237,"date":"2021-04-06T06:08:12","date_gmt":"2021-04-06T06:08:12","guid":{"rendered":"https:\/\/www.tech-battery.com\/batteriesblog\/?p=3237"},"modified":"2021-04-06T06:08:12","modified_gmt":"2021-04-06T06:08:12","slug":"facebook-leak-irish-regulator-probes-old-data-dump","status":"publish","type":"post","link":"https:\/\/www.tech-battery.com\/batteriesblog\/facebook-leak-irish-regulator-probes-old-data-dump\/","title":{"rendered":"Facebook leak: Irish regulator probes &#8216;old&#8217; data dump"},"content":{"rendered":"\n<p>A data leak involving personal details of hundreds of millions of Facebook users is being reviewed by Ireland&#8217;s Data Protection Commission (DPC).<\/p>\n\n\n\n<p>The database is believed to contain a mix of Facebook profile names, phone numbers, locations and other facts about more than 530 million people.<\/p>\n\n\n\n<p>Facebook says the data is &#8220;old&#8221;, from a previously-reported leak in 2019.<\/p>\n\n\n\n<p>But the Irish DPC said it will work with Facebook, to make sure that is the case.<\/p>\n\n\n\n<p>Ireland&#8217;s regulator is critical to such investigations, as Facebook&#8217;s European headquarters is in Dublin, making it an important regulator for the EU.<\/p>\n\n\n\n<p>The most recent data dump appears to contain the entire compromised database from the previous leak, which Facebook said it found and fixed more than a year and a half ago.<\/p>\n\n\n\n<p>But the dataset has now been published for free in a hacking forum, making it much more widely available.<\/p>\n\n\n\n<p>It covers 533 million people in 106 countries, according to researchers who have viewed the data. That includes 11 million Facebook users in the UK and more than 30 million Americans.<\/p>\n\n\n\n<p>Not every piece of data is available for every user, but the large scale of the leak has prompted concern from cyber-security experts.<\/p>\n\n\n\n<p>Facebook sued for &#8216;losing control&#8217; of users\u2019 data<br>\nWhatsApp to limit service to all who reject terms<br>\nZuckerberg pledges &#8216;privacy-focused&#8217; Facebook<br>\nThe DPC&#8217;s deputy commissioner Graham Doyle said the recent data dump &#8220;appears to be&#8221; from the previous leak &#8211; and that the data-scraping behind it had happened before the EU&#8217;s GDPR privacy legislation was in effect.<\/p>\n\n\n\n<p>&#8220;However, following this weekend&#8217;s media reporting we are examining the matter to establish whether the dataset referred to is indeed the same as that reported in 2019,&#8221; he added.<\/p>\n\n\n\n<p>Phone issues<br>\nDespite the claims of the data being &#8220;old&#8221;, some security researchers remain concerned due to the unchanging nature of the data involved.<\/p>\n\n\n\n<p>Phone numbers, for example, are unlikely to have changed for many people in the past two to three years, and other information &#8211; such as a date of birth or hometown &#8211; never change.<\/p>\n\n\n\n<p>Alon Gal, a well-known personality in cyber-security circles who tweets as @UnderTheBreach, wrote that the phone number database first appeared in January, where hackers could look up the phone database for a small fee.<\/p>\n\n\n\n<p>But the widespread leak of the database &#8220;means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked,&#8221; he tweeted.<\/p>\n\n\n\n<p>&#8220;I have yet to see Facebook acknowledging this absolute negligence of your data,&#8221; he added.<\/p>\n\n\n\n<p>This is a cautionary tale on a colossal scale.<\/p>\n\n\n\n<p>It&#8217;s actually terrifyingly common for companies to store customer data in large, unsecured databases.<\/p>\n\n\n\n<p>Often they are discovered by well-meaning security researchers and are either deleted or made safe swiftly before the bad guys stumble upon the treasure trove.<\/p>\n\n\n\n<p>However, sometimes it&#8217;s too late.<\/p>\n\n\n\n<p>This case highlights that a company&#8217;s defence &#8220;we&#8217;ve fixed it now&#8221; is not good enough.<\/p>\n\n\n\n<p>The horse had bolted long before the stable doors were closed. And clearly, the horse has been having a field day for years since.<\/p>\n\n\n\n<p>The database has likely changed criminal hands many times before now being offered for free.<\/p>\n\n\n\n<p>Facebook may claim this is &#8220;an old story&#8221;, but clearly it&#8217;s one that keeps coming back to bite it &#8211; and, more importantly, its users.<\/p>\n\n\n\n<p>Presentational grey line<br>\nTroy Hunt, a security expert who runs HaveIBeenPwned &#8211; an online service for users to check if their information has been involved in a data breach &#8211; said queries were six times higher than normal since news of the database&#8217;s release broke.<\/p>\n\n\n\n<p>He also suggested that the leaked dataset could be very useful &#8220;for a targeted attack where you know someone&#8217;s name and country&#8221; &#8211; though it would be much harder to use for a blanket mass cyber-attack.<\/p>\n\n\n\n<p>&#8220;But for spam based on using phone number alone, it&#8217;s gold,&#8221; he added.<\/p>\n\n\n\n<p>&#8220;Not just SMS, there are heaps of services that just require a phone number these days and now there&#8217;s hundreds of millions of them conveniently categorised by country with nice mail merge fields like name and gender.&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A data leak involving personal details of hundreds of millions of Facebook users is being reviewed by Ireland&#8217;s Data Protection Commission (DPC). The database is believed to contain a mix of Facebook profile names, phone numbers, locations and other facts about more than 530 million people. Facebook says the data is &#8220;old&#8221;, from a previously-reported &hellip; <a href=\"https:\/\/www.tech-battery.com\/batteriesblog\/facebook-leak-irish-regulator-probes-old-data-dump\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Facebook leak: Irish regulator probes &#8216;old&#8217; data dump&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3237","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts\/3237","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/comments?post=3237"}],"version-history":[{"count":1,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts\/3237\/revisions"}],"predecessor-version":[{"id":3238,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts\/3237\/revisions\/3238"}],"wp:attachment":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/media?parent=3237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/categories?post=3237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/tags?post=3237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}