Facebook data for millions of SG and MY users allegedly leaked in 2019 resurfaces

Personal data of 533 million Facebook users has been leaked online, including Facebook IDs, phone numbers, full names, birth dates, bios, and in some cases email addresses. According to Reuters, which quoted an unidentified leaker, the data is being offered for free.

Facebook's director, strategic response communications, Liz Bourgeois, said in a tweet that the leaked data was old and previously reported in 2019. The company also fixed the issue in August 2019. Despite the fix, the data seems to have reemerged online. This was discovered by Alon Gal, co-founder and CTO of cybersecurity firm Hudson Rock, which works with companies including insurance firm At-Bay.

In a tweet, Gal said all 533 million Facebook records were leaked for free and that he has yet to see Facebook acknowledging this "absolute negligence of [users'] data". He added that bad actors will use the data for marketing, hacking, scamming, engineering. According to screenshots in his tweet, 11,675,894 individuals in Malaysia were impacted, along with 3,073,009 in Singapore, 130,331 in Indonesia, and 2,937,841 in Hong Kong.

Facebook reiterated the statement made by Bourgeois on Twitter and declined to comment on MARKETING-INTERACTIVE's queries on how it fixed the issue in 2019 and how it is ensuring such an incident will not occur again.

Gal first tweeted about it in January this year, stating that a database containing information of 533 million Facebook users worldwide was created as a result of a vulnerability that enabled phone numbers linked to Facebook accounts to be exploited. Back then, Gal said this was "severely under reported" and the database became "much more worrisome". At that time, he also posted screenshots indicating that a Telegram bot was created to enable users to query the database for a low fee. This allowed people to find phone numbers linked to a huge portion of Facebook accounts, Gal said.

Despite Bourgeois's explanation, several users were unhappy about the leak and pointed out that personal information such as name and date of birth is not "old data" since it remains the same as it was in 2019. Some also wanted details of how Facebook fixed the situation in 2019 and called for more responsibility on the tech giant's part. A handful also criticised the response, with one stating "The gaslighting is strong with this one." Another also called the response "arrogant and self-righteous".

Facebook made headlines in 2018 as a result of the Cambridge Analytica scandal, which saw the firm gain access to private information from 50 million Facebook user profiles without permission. Cambridge Analytica subsequently used the data to work on Donald Trump's presidential campaign in 2016. When news first broke, Facebook's shares took a hit, dipping 11.4% and wiping about US$60 billion off its market cap.

Separately, the tech giant has also called for a creative review, reported Adweek, shortly after calling for a global media review last week. At the same time, it also brought on board New York City-based ad agency Johannes Leonardo to its creative agency roster, Adweek said. In 2019, Facebook named Wieden + Kennedy, BBDO, Ogilvy, Leo Burnett and Droga5 to lead global creative strategy and production for each of its apps and corporate brand. Meanwhile, the global media review covers Facebook, Messenger, Instagram, and WhatsApp. Mindshare and dentsu are defending the account, Adweek previously reported.
