
American Security Council Foundation


Was My Facebook Data Leaked? What You Need to Know

Friday, April 9, 2021

Categories: ASCF News Cyber Security


Data from a 2019 hack of Facebook Inc. was made public in recent days, revealing the phone numbers and personal information of more than a half-billion people.

While the data came from a vulnerability of Facebook platforms that the company says it has since fixed, security experts say that scammers could use the information for nefarious purposes like spam email and robocalling. Regulators in Europe have asked Facebook for more details about the data leak. Facebook said Tuesday in a blog post that the data leak reflects the ongoing need to police actions of bad actors on its platform.

Here is what you need to know.

How do I know if my information was in the leak?
Facebook hasn’t commented on whether it will notify users to check if their information was swept up in the incident. But some cybersecurity experts have created sites that allow people to see if their information was contained in data leaks.

One such site is haveibeenpwned.com, where you can enter your phone number or email address and see the result. The website, which allows people to check if their information was swept up in different data breaches, was created by Australian web-security consultant Troy Hunt.

Facebook didn’t immediately comment on the reliability of third-party sites that help people identify whether their information had been scraped from the platform.

What data was leaked?
The troves included phone numbers, email addresses, birthdays, hometowns, relationship status and more from users in several countries world-wide.

What should I do to protect my accounts?
A good practice is to enable two-factor authentication for logging into Facebook. If activated, you will be asked to enter a special login code or confirm your login attempt each time someone tries to access Facebook from an unfamiliar browser or mobile device.

Facebook provides instructions on how to use two-factor authentication on its website. The company also said users should regularly review their settings to ensure alignment with what they want shared publicly.

Identifying a blanket course of action for people whose data was leaked could be difficult because a lot of the information, unlike passwords and credit-card numbers, can’t be changed.

How was the data exfiltrated from Facebook?
Facebook says the vulnerability was the result of a weakness in the company’s contact importing function, an issue that it has said was identified and fixed in August 2019.

To address the issue, Facebook blocked people from being able to find users via their phone numbers across Facebook and Instagram. The company in 2019 found that software could be used to connect which phone numbers were associated with specific users. The tactic also enabled someone to query a set of user profiles and obtain certain information from their public profiles.

“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services,” Facebook said in an April 6 blog post.

The data were extracted from the platform before the changes made by Facebook and later sold by hackers.

What happened to the data?

The hackers began selling the data online to bidders soon after it was accessed. Alon Gol, chief technology officer of the Israeli cybersecurity firm Hudson Rock, said it was initially sold for tens of thousands of dollars, and the price kept dropping until it was recently made available for free on sites like raidforums.com.

Hackers often release data for free once it has been circulated long enough, said Zack Allen, senior director of threat intelligence at ZeroFOX, a Baltimore-based cybersecurity company.

What can hackers do with the data?
The number of accounts involved, about 533 million, is high. “Half a billion of anything is a lot,” said Alex Holden, chief information security officer of Hold Security LLC. But he added that most of it is semipublic information that is often displayed on Facebook pages anyway. The hacked data don’t include more sensitive information like passwords, credit-card information or social-security numbers.

He said the information could be used for “social abuses” like robocalls and spam emails.

Mr. Allen said the data from the breach could be used by scammers to send malicious text messages, and they could potentially try to take over some phone numbers using a SIM-swapping technique, where they use the personal information stolen in the hack to swap the phone number onto another device.

“It’s a fallacy to believe that old data is bad data,” Mr. Allen said. “For example, the LinkedIn breach from the early 2010s was used by the Guild of the Grumpy Old Hackers to guess former President Donald Trump’s Twitter username and password in 2016.”

Why does this hack matter?
Facebook has an enormous amount of information on its 2.8 billion users world-wide, and the hack is a reminder that hackers will try to harvest that data for other purposes.

“While we can’t always prevent data sets like these from recirculating or new ones from appearing, we have a dedicated team focused on this work,” Facebook said in its April 6 blog post.

Facebook has faced controversy in the past over how its data is accessed and used, including when Cambridge Analytica, a data firm with ties to Mr. Trump’s 2016 presidential campaign, improperly accessed data on tens of millions of Facebook users.

The company paid a $5 billion fine levied by the Federal Trade Commission in 2019 as a result of the Cambridge Analytica affair and other issues with securing user data. It has since faced regulatory scrutiny in other jurisdictions over data-privacy issues.

Ireland’s Data Protection Commission, which oversees Facebook because its European Union headquarters are in Dublin, issued a statement on April 6 that it had contacted Facebook regarding the recent data leak since a significant number of people affected are EU users. It recommended people be vigilant regarding any services they use that require authentication using a phone number or email address in case third parties attempt to gain access.

—Bowdeya Tweh contributed to this article.

Photo: A 2019 hack of Facebook is back in the spotlight now that data from more than 500 million users of the social media site has been made public.
PHOTO: JOSH EDELSON/AGENCE FRANCE-PRESSE/GETTY IMAGES

Link: https://www.wsj.com/articles/was-my-facebook-data-leaked-what-you-need-to-know-11617751579?mod=tech_lista_pos2
