At this point can we just all assume Facebook has leaked our data everywhere.
To be fair, most of it wasn't leaked; it was sold or given out for free.
UK users should have been informed already, or FB is in breach of the law for EACH breach:
>If a breach is likely to result in a high risk to the rights and freedoms of individuals, the UK GDPR says you must inform those concerned directly and without undue delay. In other words, this should take place as soon as possible.
>A ‘high risk’ means the requirement to inform individuals is higher than for notifying the ICO. Again, you will need to assess both the severity of the potential or actual impact on individuals as a result of a breach and the likelihood of this occurring. If the impact of the breach is more severe, the risk is higher; if the likelihood of the consequences is greater, then again the risk is higher. In such cases, you will need to promptly inform those affected, particularly if there is a need to mitigate an immediate risk of damage to them. One of the main reasons for informing individuals is to help them take steps to protect themselves from the effect of a breach.
There is no argument against the "risks to rights and freedoms" that Facebook can make that will not result in outing themselves for violating GDPR in Europe.
Same in Australia - this is a notifiable data breach and they are in deep shit if they don't report it properly. They might even have to stop posting links to news sites!
No need **to wait for** Facebook to tell it.
Troy Hunt already compiled the breached data into his checker and changed the parser to accept phone numbers from now on.
If you want to try, you have to write your phone number in international format.
Edit: (to wait for) added
Edit 2: International number is the one with the + or double zero and the country code.
In some countries of Europe the cell phone number starts with 0, so 0123-456-789 would translate to +43123456789 for Austria, +33123456789 for France, +49123456789 for Germany, +34123456789 for Spain...
People who got caught with the phone number... be prepared to receive scam / phishing attacks by SMS (i.e. DHL packet) or even call centers (i.e. Paypal problem with credit card). If you use SMS-TAN as second factor of identification... I would try to search for an alternative for a while, SMS hijacking is possible. Be careful about possible impersonation in social media depending on phone number. A friend of mine got impersonated in WhatsApp and flooded / closed our group chat.
Additionally, don't forget that phone numbers get recycled. Maybe you haven't used a service, but the number is still compromised because the previous owner did use it. This would not be so risky, because the rest of the dataset would not match you.
People who got caught in the email... please do a round to all the services you care about and change your password, especially if you have reused passwords in different sites. Some of those breaches stored contain full login credentials, meaning email + password saved improperly in plain text at the servers of an unserious web site / company.
Troy Hunt is one of the top IT security guys you can find out there at the moment and his site has been audited by other high IT security people a couple of times during the last years.
The process involved doesn't transmit anything that might compromise you.
Everything is encrypted in your browser and the result is what is sent through the internet and compared with their encrypted database.
> This is not true, this is true only for passwords, not for phone numbers and emails that are sent to the site in the clear via HTTP GET request
So if anyone would manage to hack the site and take the data it would be already encrypted and useless for them (what actually should have been done by the other companies where it got leaked the first time).
I can tell you that this site is recommended by many of the best devs in the world. You can just google and you will find it recommended in top IT sites like Stack Overflow, CodeProject and many others.
I had already told it somewhere down there but [u/stuartgm](https://www.reddit.com/user/stuartgm/) reminded me again...
>Also worth being aware of [SIM swapping](https://en.wikipedia.org/wiki/SIM_swap_scam) - this leak may put the compromised users at higher risk of this kind of targeted attack.
>Any service that uses text/SMS/call for verification may be vulnerable. If you have an option to move these accounts to use proper MFA then absolutely do so.
And I agree... people that are using the phone number to receive TANs for authentication should consider another way (if available) for the 2FA of that service. And change passwords all over the places.
By the way MFA = Multi Factor Authentication // 2FA = 2 Factor Authentication
Edit 6: including feedback from u/davtur19 above
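The number-format conversion described in the comment above, as an added example that is not part of the original comment. The function name `to_international`, the four-country table and the 8 to 15 digit sanity bound are assumptions; dropping one leading 0 follows the comment's rule and does not hold for every country's numbering plan.

```python
import re

# Country calling codes for the four countries named in the comment.
CALLING_CODES = {"AT": "43", "FR": "33", "DE": "49", "ES": "34"}


def to_international(raw: str, country: str) -> str:
    """Return a phone number as +<calling code><number>, digits only.

    `country` is used only when `raw` carries no international prefix.
    """
    # "+49 (0)123 ..." is a common notation: the bracketed 0 is the
    # national trunk prefix and must not appear in the international form.
    text = raw.strip().replace("(0)", "")
    # Strip the separators people type: spaces, dashes, dots, slashes, brackets.
    compact = re.sub(r"[\s\-./()]", "", text)

    if compact.startswith("+"):
        digits = compact[1:]            # already international
    elif compact.startswith("00"):
        digits = compact[2:]            # double-zero international prefix
    else:
        if country not in CALLING_CODES:
            raise ValueError(f"no calling code known for {country!r}")
        # Assumption taken from the comment: one leading 0 is a trunk
        # prefix that is dropped before the calling code is prepended.
        national = compact[1:] if compact.startswith("0") else compact
        digits = CALLING_CODES[country] + national

    # Sanity bound (assumed): ASCII digits only, at most 15 digits in total.
    if not re.fullmatch(r"[0-9]{8,15}", digits):
        raise ValueError(f"not a usable phone number: {raw!r}")
    return "+" + digits


if __name__ == "__main__":
    # Constructed sample inputs, using the number from the comment.
    for sample, cc in [("0123-456-789", "AT"), ("0049 123 456789", "FR"),
                       ("+49 (0)123 456789", "ES")]:
        print(sample, "->", to_international(sample, cc))
```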
Looks like I'm not part of any Facebook breach. Nice.
Isn't this in violation of GDPR? I don't remember if they require notifying users of data leaks.
They do and it’s a very short window of time to do so, it’s something like 2 or 3 days.
Gee it's almost as if Facebook is an evil corporation perfectly willing to exploit anyone and anything in the name of profit, and they don't actually give a shit about doing the right thing. Huh. Funny, that.
I mean. Mark Zuckerberg created Facebook so he could stalk people on his college campus.
Annoyingly I deleted my account last year and my phone number was leaked. Too little too late I guess
It's because people who have your phone number in their contacts have allowed Facebook to upload their entire contacts list, and that would then tie your name to the number in Facebook's database.
I never gave Facebook my phone number, and I quit using them last year.
I’ve never been happier about either decision.
Apparently your number could still be compromised. If a friend ever added your contact by phone number, they kept it. Forever.
As someone else put it “you may not have a fb account, but fb has a you account”
Great, now they can not even protect themselves from stuff even if they want to
Well then time for Europe to sue them into oblivion.
It's already under way, and has been for quite some time, for multiple gdpr breaches.
This breach is not new, this happened almost two years ago. The only reason this is up in the news again is because someone released the full dataset for free. This dataset has already been available for sale on the black market for a long time, and was known.
I’m pwned. Dammit Facebook
So dump facebook.
My phone number has been on the loose somewhere for years now, but I've always had silence unknown callers on because every other day I get a spam call. Unfortunately I was dumb enough to put my phone number on this website and it's been compromised again.
I got alerted from my credit app. I changed my passwords and perma deleted Facebook. It had been deactivated for a few months already and I didn't miss it.
They don't want the people like me who deleted their Facebook to know they didn't actually delete their info.
If only there were some easy way of notifying everyone. . . some kind of messenger . . .
Facebook users: *angry about personal data breach*
Facebook users: *continue using Facebook*
Facebook should be blocked.
Why would a farmer inform its cattle of someone hopping the fence?
Zuckerberg really knows how to make himself look like a piece of shit.
I didn’t need them to notify me. I knew all my info was stolen when I got 200 emails from different companies saying I requested my password be reset. This is quite the mess up.
It is probably in their ToS: We don't give a fuck about you!
Why would they? Facebook users aren't their customer - ad purchasers are, and it doesn't seem that their info was compromised.
DELETE YOUR FACEBOOK
Business as usual. They probably will notify the people that pay Facebook for the data. For a one time discount since it’s free on the interwebs now.
No need to check if I have been powned. I'm receiving a lot more phishing texts on my mobile number since last week (from once every other year, to twice in a week)
Just avoid signing into apps, and services using FB. All FB is doing is further finding out who you do business with this way.
I bought a portable hand cart (wagon type thing) for 20 bucks on a Facebook ad and was sent a pair of super cheap sunglasses instead- Facebook sucks. It was a good idea for sharing with friends initially but Zuck is the wrong man for the job.
The real reason: most of the breached data was your supposedly deleted account. Revealing that nothing is deleted and you have no control isn't good for facebook.
It should just be common knowledge that any data going into FB will also be leaving FB one way or another. No need to notify anyone in this case.
It’s Facebook, I seriously doubt it was a “leak.”
I bet they sold their info then told everyone it was a leak.
Well of course not. At this point, any FB user who expects privacy is delusional.
I deleted mine long ago and never looked back. The email I signed up with I deleted ages ago too. Never gave them my phone number.
Maybe someone needs to pull down that breach and send out an email to everyone in that list on behalf of Facebook. They're afraid of the huge backlash they will receive -- and rightfully so. But if they won't do the right thing then someone should.
My Facebook was hacked, they changed all my stuff and I have been locked out of it for about 36 hours. The hacker added their email to my account so they get the recovery emails as well. I’m guessing that was from this :/
Delete your Facebook accounts and stop supporting this bullshit. I deleted all social media accounts except LinkedIn for work over 10 years ago and haven’t looked back. Don’t miss a single thing.