Irish regulator investigates “old” data dump

Mark Zuckerberg's gesture with his arms open in front of the padlock symbol on stage during a privacy speech

Mark Zuckerberg’s gesture with his arms open in front of the padlock symbol on stage during a privacy speech

A data breach containing the personal information of hundreds of millions of Facebook users is being considered by the Irish Data Protection Commission (DPC).

The database is believed to be a mixture of Facebook profile names, phone numbers, locations, and more than 530 million other facts.

According to Facebook, the data is “old” and is due to a previously reported 2019 leak.

However, the Irish DPC said it would work with Facebook to confirm that was the case.

With Facebook’s European headquarters in Dublin, which has become an important regulator for the EU, Irish regulators are essential to such investigations.

The latest data dump appears to contain the entire compromised database from the previous leak, which Facebook said it discovered and fixed more than a year and a half ago.

However, datasets are now available for free on hacking forums and are much more widely available.

According to researchers who viewed the data, it covers 533 million people in 106 countries. This includes 11 million Facebook users in the UK and more than 30 million Americans.

Not all data is available to all users, but large leaks raise concerns from cybersecurity experts.

Graham Doyle, Deputy Commissioner for DPC, said recent data dumps “look like” from a previous leak, and that the data scraping behind them occurred before the EU’s GDPR privacy law came into force. It was.

“But following media coverage this weekend, we’re investigating the issue to see if the dataset being referenced is actually the same as reported in 2019,” he adds. I did.

Phone problem

Despite the claim that the data is “old,” some security researchers are concerned because the nature of the data involved remains the same.

For example, it is unlikely that many people’s phone numbers will change in the last few years, and other information such as date of birth or birthplace will not change.

Cybersecurity celebrity Alon Gal, who tweeted as @UnderTheBreach, wrote that the phone number database first appeared in January, allowing hackers to search the phone database for a small fee.

However, a widespread database breach “means that if you have a Facebook account, it’s very likely that the phone number used for that account has been breached.” He tweeted..

“I’ve never seen Facebook admit this absolute negligence in your data,” he added.

Microsoft executive to run, Tory Hunt HaveIBeenPwned -An online service that allows users to see if their information is involved in a data breach- The query was 6 times normal Because the news of the database release was broken.

He also suggested that leaked datasets could be very useful “for targeted attacks that know someone’s name and country,” but use them for full-scale large-scale cyberattacks. Is much more difficult.

“But for spam based on using only phone numbers, it’s money,” he added.

“Recently, there are tons of services that require only phone numbers, not just SMS, and it’s now possible to conveniently classify hundreds of millions of services by country using mail merge fields such as name and gender. . “