Understanding the Value of Privacy Via the Facebook Data Leak “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” ― Benjamin Franklin If a researcher conducted a survey asking people how important personal privacy is to them, the vast majority of respondents would reply “very important,” even though those same respondents would probably engage with social media platforms such as Facebook, Instagram, or Twitter within minutes of answering the survey. This is the problem with the word “privacy” — a very subjective concept among us as different people look into the same problem from a different angle. Digital privacy presents a new angle. These days, we are forced to weigh either privacy or convenience and usefulness. on giving up part of our identity globally. Some individuals have no concern about the general public knowing intimate aspects of their lives, posting every vacation, meal, and life event to an overabundance of social media followers. Social media platforms exacerbated the problem by lowering our guards These people of their personal information, and for this, they are at risk of irreversible damage. value digital engagement and social interaction much more precious than they value the privacy I did not pay too much attention to the leak . She told Business Insider that the data was scrapped due to a vulnerability that the company patched in 2019. That means the problem is fixed, in her perspective. until I saw the Facebook spokesperson’s tweet https://twitter.com/liz_shepherd/status/1378398417450377222 I do not know much about Liz, so I would not comment on her tweet, but if she thinks a data leak is a matter that can be fixed afterward, like filling the hole on the ground, then she is missing the largest piece of the puzzle. The Origin of the Leak A user of a low-level hacking forum posted the records of hundreds of millions of Facebook users for free online on This is no surprise for many of us; still, it is concerning, and some of the insight may worth mentioning not just to my friend but everyone who cherishes privacy. 3rd April 2021. According to , the data exposed involves , including over 32 million records on users in the US, 11 million on users in the UK, and 6 million users in India. More alarming is that the records hold the following information: Business Insider over 533 million Facebook users from 106 countries phone numbers Facebook IDs full names locations birthdates bios email addresses According to Alon Gal, CTO of cybercrime intelligence firm , who when a user in the same hacking forum advertised an that could give phone numbers to users in exchange for money. Hudson Rock first discovered the leaked data in January automated Telegram bot The Telegram bot lets users enter either a phone number to obtain their Facebook ID or visa versa. The bot's initial results are redacted, but users can buy credits to reveal the full phone number. Facebook said the data contained Facebook IDs created . Facebook also tested the bot itself against newer data and that the bot did not return any results. before Facebook’s fix of the contact vulnerability Three Instant Actions to Limit Your Loss If you are having a hard time finding the database online and check if you are on the list, it is a waste of time. The first thing you want to do is . What is exposed is not recoverable on your side, as you never know who gained access to your data. to assume your data is exposed 1# Check if You Are Over-Exposed I often use the term “ ” to illustrate . Like what you are doing physically when going to the public, try keeping a distance between you and other people is the best way to avoid infection. digital social distancing the concept of Least Privilege After you know that what is leaked, you may want to , check on all your social media platforms and instant message applications for personal information published. limit the exposure of yourself online from now on If you think it is what you want people to know, then leave it as it be. But if you are scared something like what Facebook did this time would happen again (and it would probably will), try giving up your information on a “Need-To-Know” basis. 2# A Strong Password Personal data could be used as something to identify who you are. If it was in the wrong hands, they could disguise you and claim what you have on your behalf without knowing it. Protecting your identity would require stronger authentication. I strongly recommend adding a layer of security by enabling for your accounts. Two-Factor Authentication If you think that would be too difficult to start, start with changing your password. I wrote about this earlier this year and hoped you would find it useful in the wake of this kind of hacks. Firefox offers free services to safeguard users' privacy. FOr example, we can use Firefox Monitor to keep tracking if our email accounts are exposed to breaches. (If that is the case, you may consider using another email to avoid spam or targeted email attacks.) But the most recent innovative solution to prevent email exposure in the first place is interesting. It is called “ Firefox Relay. ” Firefox Relay makes it easy to create aliases, randomly generated email addresses that forward to your real inbox. Use it to protect your online accounts — and your identity — from hackers. In short, it is an easy-to-use tool to give a random email address to sign-up online. Firefox Relay would act as a middle man to pass along the messages from the random email accounts to your true email address. By that, if the sign-up website is hacked or it was originally a phishing website, your email is safe, at least. The Three “What” During Data Sharing When deciding on sharing personal information, there are three “What” you should consider: 1# What Personal Information Is the Company Asking For? Some websites may only ask for basic information such as a zipcode or an email address. Still, others may ask for a phone number, home address, or personal ID number. As mentioned, if this information was stolen, you lose it forever. 2# What the Company Does With the Personal Data It Collects? What kind of personal data is being recorded, stored, and especially Many organizations frequently send customers’ data to third parties or use it to conduct targeted marketing and advertising campaigns. Take a look at the user agreement of Facebook as a reminder. shared with third parties. 3# What is the Level of Comfort in Sharing Your Data? There is always a risk that organizations could become victims of cyberattacks. To determine how risky associating with certain circumstances can be, please make sure to: Look for the section that can answer the two “What” above. No need to read it thoroughly, but do not click “agree” immediately. Read the organization’s terms and conditions and privacy policy statements. as defined by GDPR, CCPA, and other data/ privacy regulations. Knowing your rights does not immediately make your data safer but could tell you when and how to find the organization accountable after an incident. Learn about your privacy rights Final Words — The Value of Privacy Different from our physical world, we may not be aware that data is being stolen. When digital data is “stolen,” in fact, the data is still there. All “0” and “1” can duplicate infinitely without an error. Putting this into our personal data, hackers could use the perfect copies for impersonations or phishing. A phishing message possibly related to the Facebook leaks | Copyright by the author One example is the message I got yesterday from a friend saying that he send me the SMS by error. But the truth is his phone number was exposed and hijacked to use as a pawn for further hacks. If I replied the SMS code to the spammer, then he/ she could gain access to my WhatsApp and send messages to my contacts. Although the exposed data is from 2019, it is definitely a great risk to most of us. Unlike a password, which could be changed if it was stolen, you would not change your full name if you find your data is exposed (right?). Personal data, in a sense, is part of who you are. If your biometric data, such as registered fingerprint, was stolen, then you cannot use it as your identity anymore. Why is that? Because you cannot use it to prove it is truly you if someone else also has the same attributes. That is also the reason why biometric data are mostly stored locally to prevent massive leaking. As a result, . There is no way to take it back, and the best you can do is to use another finger for authentication and revoke the enrollment for the previous one. Keep this in mind, so you really understand the value of privacy is unique. once the personal information is exposed, you lose them forever People think only criminals need to hide. Sadly, they do not know We do nothing wrong when we go to the bathroom or have sex. Still, we keep it private. We keep our private journals, sing in the shower, and keep secrets to ourselves as we know that privacy is a basic human need. Privacy is our right. So hey Facebook, rather than saying you fixed the problem for us already, with the power and scale of Facebook, why don’t you take a more proactive step to help users to know what is lost and what needs to be changed? Lastly, for those who want to check if you are exposed. Try it out at : HIBP and Firefox Monitor https://haveibeenpwned.com/ https://monitor.firefox.com/breach-details/Facebook Thank you for reading. May InfoSec be with you🖖. Also published at https://medium.com/technology-hits/all-533-000-000-facebook-records-were-just-leaked-for-free-so-what-43a15f5ffcfb

Facebook

Instagram

Twitter

Visa

Oxidative Priority: Understanding the Science Behind Fat Loss

About My Recent Encounter With a Credit Card Scammer

2021 - HackerNoon Contributor of the Year - CULTURE

Support Me on Coil

2021 - HackerNoon Contributor of the Year - PERSONAL-DATA

Nominated for 2022 - HackerNoon Contributor of the Year - Cybersecurity

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Privacy

Nominated for 2022 - HackerNoon Contributor of the Year - Beginners Guide

Nominated for 2022 - HackerNoon Contributor of the Year - Containers

Nominated for 2022 - HackerNoon Contributor of the Year - Data Privacy

Too Long; Didn't Read

Understanding The Facebook Data Leak: 533,000,000 Facebook Records Were Leaked

Understanding The Facebook Data Leak: 533,000,000 Facebook Records Were Leaked

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps