Facebook hit with another data leak of 1 lakh users, claim researchers

Meta-owned Facebook faced a data breach affecting at least one lakh users, as claimed by researchers on Monday. Cybersecurity experts from CyberPeace reported that 100,000 lines of new user data from Facebook, including personal details like names, profiles, emails, phone numbers, and locations, were disclosed on a data breach platform. 

This exposure could result in phishing attacks and other malicious activities targeting the impacted individuals. The identity of the culprits behind this breach remains unknown. 

Facebook is yet to respond to these assertions. Researchers are investigating to ascertain if this incident is the work of a sophisticated cybercriminal syndicate, hacktivists, or other malicious entities. They emphasised that Facebook may face reputational harm due to data security apprehensions, potentially impacting user trust. 

This security breach sheds light on the persistent cyber threats faced in the digital realm. Notably, Facebook has been previously impacted by similar breaches. 

In April 2021, information from more than 530 million Facebook users was publicly disclosed on an online hacking forum. This data was acquired in 2019 by hackers who exploited a vulnerability in Facebook's contact importer tool, with the majority being phone numbers and only 2.5 million email addresses. 

While Facebook patched the vulnerability in September 2019, they chose not to notify affected users, claiming it as a typical issue for social media platforms. 

Meta was fined €265 million by the Data Protection Commission of Ireland in November 2022 for GDPR violations, following Instagram's €405 million fine in September 2022. In June 2020, Facebook engineers identified a flaw allowing unauthorised access to user data by third-party developers. The issue was promptly rectified and publicly disclosed on 1 July, 2020. 

Despite enforcing restrictions on developer access post the Cambridge Analytica scandal, thousands of developers retained access until the issue was resolved. 

This incident underscores the importance for organisations to continually bolster their cybersecurity practices to safeguard user data and uphold public confidence.