Facebook users in India has been advised by India’s cybersecurity agency, CERT-In, to strengthen their account privacy settings after a recent data breach affected almost 61 lakh Indian social media users. Also Read - WhatsApp violates Indian users' rights by denying dispute resolution claims Centre
“As the Facebook platform evolves and grows, parts of your account could be public. Data could also be collected and shared in ways you don’t know about,” the Indian Computer Emergency Response Team or CERT-In said in a public advisory. Also Read - Facebook to pay French news publishers for using its content
Yet another data breach
CERT-In is responsible for combating cyber-attacks and protecting the Indian cyber infrastructure against potential threats like phishing, hacking and similar online attacks. Also Read - Facebook’s new name could be Meta or Horizon, or will it be called FB?
“It has been reported that globally there has been a large-scale leakage of Facebook profile information. The exposed information includes email addresses, profile ID, full name, job occupation, phone numbers and birth date.”
“According to Facebook, the scraped information does not include financial information, health information or passwords, however information from more than 450 million unique Facebook profiles globally, including approximately 61 lakh Indian individuals, has been made publicly available in multiple cybercriminal forums for free,” the advisory said while explaining the breach.
The leak was exposed by a cybersecurity researcher which was later acknowledged by the company stating that it was old data the was leaked. Facebook also said that it had found the issue and later fixed it.
How was the data leaked online?
The Indian security agency said that as per Facebook, this ‘data scrapping’ happened by using the contact importer feature of the platform, a feature that allows other users to find a user on Facebook by using their phone numbers.
“Facebook stated that this feature was changed in September 2019, following the discovery that threat actors were abusing the feature.”
“However, while Facebook modified the feature in 2019 to thwart this kind of abuse, the phone numbers of 450 million global users had already been harvested by malicious actors, along with other identifying information on users,” it said.
The advisory has asked Facebook to follow good cyber hygiene practices, and also advised them to “make sure that their privacy settings reflect what information they want to share publicly and who they want to be able to look them by phone number”.
How to protect your online data?
The social network has recommended all of its users activate two-factor authentication for their profile which makes it difficult for a hacker to gain access to your account.
The social network also asked its users to adjust their settings to restrict who can view their contact information and find them on Facebook.
A similar breach was reported in March 2018 when Facebook data of over 5.62 lakh Indians was allegedly compromised as UK-based research firm Cambridge Analytica had accessed information of about 87 million users globally.