fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Facebook Data Leak Now Under EU Data Regulator Investigation

Facebook Data Leak Now Under EU Data Regulator Investigation

Ireland’s Data Protection Commission (DPC) is investigating a massive data leak concerning a database containing personal information belonging to more than 530 million Facebook users.

“Previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website which at the time Facebook advised occurred between June 2017 and April 2018 when Facebook closed off a vulnerability in its phone lookup functionality,” the DPC said.

“Because the scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR.”

The DPC also said that the recently leaked dataset seems to include information from additional Facebook user records “which may be from a later period.”

The data watchdog added that it had issues establishing communication channels with Facebook when it “over the weekend to establish the full facts” given that it received “no proactive communication from Facebook.”

When asked for more details about the leak, a Facebook spokesperson told BleepingComputer that “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”

However, Graham Doyle, DPC’s head of media and deputy commissioner, added that “following this weekend’s media reporting we are examining the matter to establish whether the dataset referred to is indeed the same as that reported in 2019.”

Also Read: Compliance Course Singapore: Spotlight On The 3 Offerings

Data leak impacts 533 million Facebook users

The mobile phone numbers and other personal information of hundreds of millions of Facebook users worldwide were leaked on a popular hacker forum for free after it was sold in June 2020 for an estimated $30,000 and made searchable via a private Telegram bot.

The threat actors scraped the information from the public profiles of 533,313,128 Facebook users, including users’ mobile number, Facebook ID, name, gender, location, relationship status, occupation, date of birth, and email addresses.

The phone numbers of three of Facebook’s founders—Mark Zuckerberg, Chris Hughes, and Dustin Moskovitz—are also included in the data leak.

Samples of the Facebook data from the leak seen by BleepingComputer show that almost every user record in the database contains a mobile phone number, a Facebook ID, a name, and the member’s gender.

Facebook founders in data leak
Facebook founders in data leak

At the moment, it is believed that a now-patched vulnerability in Facebook’s ‘Add Friend’ feature was exploited in 2019 to gain access to and harvest Facebook members’ phone numbers.

This is highly sensitive data that has remained unchanged for most affected Facebook users, data that threat actors can use in email phishing attacks or smishing (mobile text phishing) attacks. 

Scammers can use use the leaked info (i.e., mobile phone numbers) in SIM swap attacks to steal their targets’ multi-factor authentication (MFA) codes sent via SMS.

You can use the Have I Been Pwned data breach notification service to check if your info was exposed in this massive Facebook data leak by entering your email or phone number in the search field.

Roskomnadzor, Russia’s telecommunications watchdog, also asked Facebook to provide details on the leak of Russian users’ personal data.

“Roskomnadzor sent a request to the management of Facebook Inc with the requirement to provide the most complete information about the leak of personal data (PD) of Russian users of the social network,” the Russian watchdog said today.

Also Read: Considering Enterprise Risk Management Certification Singapore? Here Are 7 Best Outcomes

“Roskomnadzor requires the administration of the social network to take all the necessary measures to prevent such leaks.”

Update: Added Roskomnadzor info.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us