Facebook leak exposes the data of 2.5 million users
Facebook, having experienced a leak of user data before, has found that data in the news once more. The data is broken down into chunks by country and contains users’ mobile number, user ID, first name, last name, gender, residence, birthplace, relationship status, workplace, joined date, email, and birth date. Not all of this data is accessible for every user, as some users have not entered their relationship status for example. The file is delimited by the : symbol, which is also used for the date, and therefore, it would appear that the person who leaked the data is not very familiar with how to store large data sets.
Facebook as a company has some level of legal obligation to protect user data, but one of the big issues with digital data security is that, once the data has been released, it cannot be redacted. Information will live on forever as long as someone is willing to pay for the storage needs for keeping that data available. Facebook is not omnipotent nor all powerful, and their ability to protect user data is relegated to their own servers and really goes no further.
The information was most recently published to a site called RaidForums and users quickly identified that the majority of the data was old and not much of interest. However, the media quickly picked up on this reposting of the leak, and RaidForums pulled the plug on their site as massive amounts of traffic began to roll in. Google cache, however, revealed who had made the post and what public discussions were being had.
Facebook will see this data crop up again and again over time and this leak will probably never go away. However, it will always serve some good as a testament to how not to handle a breach and as a warning to users that whatever data they may share could come out publicly time and time again.
Individuals who suspect or discover their data has been breached should continue to follow best practices including, not providing additional information to callers if asked for things like social security number or to confirm date of birth. They should also closely monitor their credit report and be suspicious of unsolicited emails, phone calls, or other forms of communication.
Remember that no government or law enforcement official will call you to threaten you, confirm warrants, or demand personal information from you.
Stay safe, friend!