The personal data of more than half a billion Facebook users was available for free download on an online hacking forum on Saturday.
The trove of confidential information was first discovered by Alon Gal, co-founder and chief technology officer of cyber security company Hudson Rock.
The latest development heightens privacy concerns about the social media giant and the data security of its more than 2.7 billion monthly active users.
How big is the breach?
The data of more than 533 million Facebook users was first leaked in 2019. At the time, the California-based social network said it was a technology error and would address the issue “immediately”.
However, two years on, the information resurfaced on Saturday. The leak includes millions of files containing users’ personal information such as usernames, phone numbers, marital status, locations, birth dates, email addresses and in some cases complete bios of users.
Can Facebook stop further damage?
Industry analysts say once a users’ data is stolen and shared on a public platform, Facebook has very limited resources to stop it from spreading online.
“The people who hold it [leaked data] will attempt to monetise it for as long as they can,” Mr Gal said. “The process sometimes takes years, sometimes days.”
“Facebook needs to acknowledge this breach and not with just a ‘we value your information’ statement,” he added
Why does the Facebook breach pose a threat to crypto traders?
The Facebook breach has exposed vast amounts of confidential information on the internet that any individual, with basic data analytics knowledge, can download. It poses a potential risk to millions of cryptocurrency traders, who will now be more prone to identity-based attacks, according to industry experts.
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,” said Mr Gal.
In 2018, hackers stole 21,000 Ethereum, worth over $42.4 million, in social engineering attacks in one year, according to cyber security company Kaspersky.
Can users thwart such attacks?
The best way for consumers to protect themselves is to change passwords regularly and use passwords that are more complex.
"Passwords should not be derived easily … users should leverage multi-factor authentication wherever possible," Avinash Advani, founder and chief executive of Dubai cyber-security company CyberKnight, told The National.
"Breaches will continue to happen as long as companies are connected to the internet and employ humans … no matter how good an organisation's security posture is … attackers are constantly evolving their TTPs [tools, techniques and procedures] and social engineering methods."
Why has Facebook become the poster child for data misuse?
The surge in Facebook users, many of whom might be unaware their personal data is at risk, has proved an open invitation for cyber criminals.
In July, the company admitted to accidentally sharing users’ confidential data with hundreds of third-party app developers even after their access period to user data had expired.
In June 2019, Facebook was called out for collecting confidential details of 187,000 users, some as young as 13, through its now non-operational app Research that paid users for wide-ranging access to their data.