The personal information of around half a billion Facebook users from more than 100 countries, including Bahrain, has been made public, it has emerged.
The exposed data of about 533 million, which includes more than 1.4m users from Bahrain, was leaked online and the exposed personal information includes phone numbers, email addresses, locations and birthdates.
Some of the accounts from Bahrain include individuals with more than one Facebook account and users who are no longer active.
Experts warned yesterday that the hackers could target the compromised Facebook users to gain control whenever they liked ... and may even contact them to reveal further personal information in an attempt to reset passwords and hijack their accounts.
The leaked data that is reportedly available for free on a hacking forum was discovered and reported last Saturday by cybercrime intelligence firm Hudson Rock chief technology officer, Alon Gal, who listed the countries affected, including Bahrain.
Mr Gal
He said that in early 2020 a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited, creating a database containing the information of millions of users around the globe.
The expert said it remains Facebook’s obligation to notify all those affected.
A Facebook spokesperson yesterday acknowledged to the GDN that the data leak had taken place but insisted the incident was dated, in fact detected, dealt with and fixed two years ago.
Facebook records of 533m users including over 1.4m from Bahrain dumped by a hacker on messaging app Telegram
“This is old news that has been previously reported,” stated the spokesperson. “We found and fixed this issue in August, 2019.”
The social media giant said at that time it removed people’s ability to directly find others using their phone number across both Facebook and Instagram.
However, Ali Sabkar, chairman of Social Media Club global, the world’s largest community of social media professionals, said he was not happy with Facebook’s response.
“Even though Facebook says this is old information, the fact is that data was exposed involving about 1.4m users from Bahrain,” Mr Sabkar told the GDN. “Several businesses use Facebook for advertising and list their contact details and personal information, including credit card details.
“Contact details are also required as part of the authentication process of the account.”
However, he said that although people may blame social media in general for the issue, it still remains imperative for all individuals to remain diligent at all times when it comes to sharing personal information.
Ali Sabkar
“All social media users should be careful of fraudsters who can use their mobile phone numbers to make calls, and in return ask for OTP or PIN text messages.
“Do not respond to all these scams, block them immediately.”
Mr Sabkar said, based on the latest statistics, the number of active users from Bahrain are as follows: 890,000 on Instagram, 820,000 signed up on Facebook, 585,000 on Snapchat, 380,000 users on LinkedIn and 324,000 registered on Twitter.
Furthemore, Bahrain-based cyber security firm CTM360 said yesterday it was following up the major data breach and analysing data which they said is around 15 gigabyte in size.
It said 1.4 plus million records belonged to users from Bahrain, adding the personal information had been ‘dumped on an underground forum’ by an ‘unknown threat actor’. “While there is no password or credentials identified in this massive database, the threat actors can still use this information to scam people or impersonate them,” warned the CTM360 spokesman.
“We believe there could be attempts by scammers to hijack Facebook accounts. Scammers attempt to lure users into revealing security codes sent when they attempt to reset passwords. We recommend all users to enable multi-factor authentication on all their social media platforms.”
Another cybersecurity company Proofpoint yesterday urged consumers never to click on links in text messages, no matter how realistic they look in connection with the Facebook data breach. “The online leak of personal information will undoubtedly result in a marked increase in smishing (a cybersecurity attack carried out over mobile text messaging )attacks,” said the company’s Cloudmark Operations vice president Jacinta Tobin.
“It’s a trend we’ve seen continue to grow, especially during the pandemic, with smishing messages already increasing by 300 per cent each quarter over the past 12 months.
“And while the attackers are primarily targeting consumers, we have noticed a concerning rise in attacks on organisations as well, with over 81pc reporting an attack in 2020.”
sandy@gdn.com.bh
&uuid=(email))