530 million Facebook users, including nearly 20 million French, were victims of a data breach on Saturday April 3. A file circulates on the Internet with names, professions, telephone numbers, but no passwords or bank details. In a blog post published on Tuesday, the social network explains that this leak is not the result of hacking and that it is an old affair.
The fact is that the story dates from before 2019. Hackers had engaged in “scratching”, that is to say a wild collection of data from the main interface of the service, without fraudulent access to the servers. For this, they had relied on a Facebook function consisting of scanning the address book of each user to establish relationships between people. This is how they were able to recover millions of names, telephone numbers, locations, professions, marital status, etc.
This list had been circulating on the Internet for several years, in hacker circles. It has just resurfaced for free, highlighted by a cybersecurity specialist.
Where are we today? Facebook specifies that the function which made it possible to extract the coordinates of the users has been deactivated and therefore that the problem can no longer arise today. The fact remains that the data sucked before 2019 remains in nature. Contrary to what the General Data Protection Regulation (GDPR) provides today, no one has been warned. This data leak can be used in “phishing” campaigns or simply telephone spam, for example.
To find out if you are concerned by this case, or by any other data breach, you can go to the specialized site Have I been Pawned, type your email address or your phone number and check the list provided.