After WhatsApp, India’s Cyber Threat Agency Flags Facebook Data Leak

SUMMARY

Several news reports from earlier this month had claimed that the data of 533 Mn Facebook users had been leaked on hacker forums. Of these, 6 Mn were Indian users

The advisory stated that according to Facebook’s explanation, threat actors scraped the data prior to September 2019 by using the social media platform’s ‘Contact Importer’ feature, which allows users to find other users by using their phone numbers

The leaked details include users’ phone numbers, Facebook IDs, full names, locations, birthdates, bios, and in some cases, their email addresses as well

The Indian Computer Emergency Response Team (CERT-In), the government-run nodal authority on cybersecurity, put out an advisory on Monday about the data scraping of Facebook users.

Several news reports from earlier this month had claimed that the data of 533 Mn Facebook users had been leaked on hacker forums. Of these, 6 Mn were Indian users. The leaked details include users’ phone numbers, Facebook IDs, full names, locations, birthdates, bios, and in some cases, their email addresses as well. The social media giant told media agencies that the leak was related to a vulnerability that the company had patched in 2019.

The CERT-In advisory put the number of affected accounts at 450 Mn but maintained that 6 Mn Indian users have also been affected by the data leak. The advisory stated that according to Facebook’s explanation, threat actors scraped the data prior to September 2019 by using the social media platform’s ‘Contact Importer’ feature, which allows users to find other users by using their phone numbers. 

“Facebook stated that this feature was changed in September 2019, following the discovery that threat actors were abusing the feature. However, while Facebook modified the feature in 2019 to thwart this type of abuse, the phone numbers of 450 Mn global users had already been harvested by malicious actors, along with other identifying information on users,” read the advisory. 

Web scraping refers to the process of using automated scripts or bots for harvesting publicly available information from any site, such as the details that Facebook users make visible to the public on their profile.

Cybercriminals usually scrape data for social engineering purposes, but also sell it on dark web marketplaces or even to call centres, which in turn use it for ‘spamming’ unsuspecting users.

To help users guard their data against such cyber attacks in the future, CERT-In has advised Indian users to update their Facebook privacy settings by choosing to make the information on their profile visible only to their ‘Friends’ and not to the ‘Public’. The authority further advised users to review all of their Facebook privacy settings, turn on login alerts and enable two-factor authentication wherever available. 

Recently, CERT-In also put out an advisory about a severe WhatsApp bug in an earlier version of the messaging application. The advisory, rated ‘Severe’ by the authorities at CERT-In, explained that “Multiple vulnerabilities had been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system.”

The vulnerability was detected in “WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32.”

Responding to the development, a WhatsApp spokesperson told Inc42 that the bugs have been addressed by the platform with its latest update: “We regularly work with security researchers to improve the numerous ways WhatsApp protects people’s messages. As is typical of software products, we’ve addressed two bugs that existed on outdated software, and we have no reason to believe that they were ever abused. WhatsApp remains safe and secure, and end-to-end encryption continues to work as intended to protect people’s messages.”
