The database, which was first leaked in 2019, was initially being sold on messaging platform Telegram for $20 per search. Facebook had then said that it had patched the vulnerability that has caused the leak.
In a major privacy breach, personal details of about 533 million Facebook users in more than 100 countries have been leaked online and have been released for free on a small number of hacking forums, according to several sources. Details displayed include users' names, gender, occupation, marital and relationship status, date of joining, and place of work.
The database, first hijacked in 2019, was first sold on the instant news site Telegram at a price of $ 20 per search. Facebook has previously stated that it has prevented the impact of the leak. But, in June 2020, again, in January 2021, the same database was leaked again. The vulnerability is similar: it allows users to search for a person's number. Alon Call, co-founder and chief technology officer of the cyberspace company Hudson Rock, first cleared the case.
In a new Twitter post on Sunday, he re-shared details of the leaked database, which included the above information, and said that if someone had a Facebook account, such details could have been leaked. As per the latest leaked data, 5.5 lakh users have been released from Afghanistan, 1.2 million from Australia, 3.8 million from Bangladesh, 8 million from Brazil and 6.1 million from India. Save multiple forums.
Facebook did not respond to a request for comment on a suspicious database kept for free. Sunday Express independently confirms some data from the latest database.
This is the second example in 10 days in India that claims from a leaked company user database have surfaced again. Earlier on Tuesday this week, details of 100 million users of Gurgaon-based mobile payment and digital wallet company Mobikwik were released and reportedly sold on the dark web.
Mobikwik said the database has been in the public domain for more than a month, similar to Facebook's latest data deletion. The problem gained prominence on Monday following reports that a so-called data dump was released for sale on Darkweb. Then, a link in a search bar, anyone can discover that their phone number or email address and other details are in the data dump, which is available on Darknet.
In cases of data breach, there is no robust mechanism for user data protection and punitive action in India. The Personal Data Protection Protection Bill, which states that there are provisions to address both, is pending in the Lok Sabha since 2019.
A Joint Parliamentary Committee, which was to submit a report on the bill in early March, has demanded that it be extended to the first week of the monsoon session of Parliament. In the absence of a bill, the Information Technology Act of 2000 and the policies implemented in 2011 create a data security system, which some experts say is not enough.
Posts
