After the revelation that personal information of more than 500 million Facebook users was leaked online, an important question arose: Was my data leaked?

An equally important question would be: What do I do about it?

It seems that the best solution is to do nothing other than watch out for bad guys – accessing the leaked information could mean breaking the law.

It wasn’t only a phone number here and there: Private data not listed in the users’ public profiles also appeared as well as user location information, job details, gender information and other details.

The data is two years old. A Facebook spokesperson told Business Insider it was scraped because of a vulnerability that Facebook patched in 2019.

The information could still be dangerous, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who discovered the leaked data Saturday.

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks (or) hacking attempts,” Gal told Insider. 

 Gal noted that an anonymous hacker created a “Telegram bot” that could — for a fee — search the database for specific phone numbers.

But that, too, could be illegal. In fact, there are few, if any, legitimate methods of finding out about the status of your personal records. One could download all 106 individual files but accessing and possessing stolen data is often considered a violation of the Computer Fraud and Abuse Act. 

And the “Telegram bot”? ZDNet’s Larry Dignan told CBS that the data is likely illegal to access and use. 

Dignan says to just keep monitoring your email for phishing scams and consider signing up with a credit monitoring service.

Add comment