3.5 million Canadians
On April 3, cybersecurity researcher Alon Gall announced on his Twitter account that the social network Facebook was providing information on 533 million members or 19% of users on the web for free.
It also includes the name of Facebook CEO Mark Zuckerberg. Of the many, there are 3,494,385 Canadians. The information was quickly verified by media such as Business Insider And widely aired.
This simple text file must collect public user data. This includes first and last name, Facebook ID, phone number, gender, date and place of birth, city of residence, email address associated with the Facebook account and marital status. No password or credit card number, can confirm Tap By downloading a file containing data on affected Canadians.
New for free
In fact, this file has been available in some corners of the web since 2019. The vulnerability to allow its editing has been blocked since September of the same year, Facebook assured in a blog post on April 6th.
This is the first time the social network has clearly detected the presence of this leak. However, this is not the latest news: the motherboard site talked about it on January 25th.
As of April 2019, the security firm Upgrad has revealed that 540 million Facebook subscriber information is circulating on the web, and the tech crunch site published similar news in September 2019.
What’s new this month is that these files are now available and are free.
“Harvest” the data
Facebook guarantees this and experts believe it, this data was not received thanks to hacking the servers of the social network. It is a compilation obtained by automated software that requires very little computer knowledge, and allows data to be “harvested”, as it is called Scraping In English.
The dubious software used Facebook’s function to import contacts, which allowed the software to “jump” from one subscriber to many by gathering available information. It is this vulnerability that Facebook claimed to have deleted in August 2019.
Apparently, the information found in the files of this “leak” is useless to hack the Facebook follower directly. A simple search on a social network will find them. The fact that they are now available for free on the web is an indication of their low efficiency. Because it does not contain passwords, this new tile will fall on Facebook in terms of gravity, with CAM4’s 10 billion compromised accounts by March 2020, or Yahoo! Affected in 2013.
Jean Loop Le Rooks, a computer security expert, believes that this data collection on Facebook “makes life easier for fraudsters and identity thieves”. “It simply came to our notice then. “Marketers” are able to retrieve emails. ”
Other cybersecurity experts are concerned that Facebook followers could be used to phishing, disguising themselves as network executives, or creating that data to make more credible fraudulent emails.
Mr. Le Rooks takes the opportunity to remind us that it is better to publish less of his personal information on the Internet. “The more we see this, the less control we have over the private information we send to companies like Facebook. Their business model is built on trading our private data. ”