Facebook is no stranger to data hacks and leaks, with the company having been on the receiving end of many high-profile security breaches in recent years. For example, back in 2018, the social media giant revealed that it had inadvertently exposed the personal information of more than 50 million users due to a small error in its platform coding, thus allowing miscreants to gain access to its users’ accounts.
Similarly, in 2020, the Mark Zuckerberg-led firm was embroiled in another major controversy when it came to light that thousands of developers had been able to access data from inactive platform users, again drawing the ire of many folks across the globe.
Now in 2021, the tech juggernaut has once again been hit with a fresh wave of data leaks, however, this time around, the number of users whose records were exposed was not 50 million but a staggering 500 million. On April 3, Alon Gal, chief technical officer of security firm Hudson Rock, revealed that sensitive personal information for over half a billion Facebook users was shared on a well-trafficked hacking forum.
To be more specific, the records include phone numbers, full names, locations, birthdates, bios, and, in some cases, email addresses of over 553 million located users across a total of 100 countries. Not only that, of the above-stated figure, 32 million users are apparently from the United States, while 11 million are from the United Kingdom.
Lastly, this data which is now doing the rounds online has potentially put at risk the savings of millions of digital currency traders and hodlers who now may be vulnerable to SIM swapping and other identity-based attacks, which have happened in recent years.
What should be done?
How exactly does this most recent breach place at risk the crypto assets of individuals? Dave Jevans, CEO of blockchain security firm CipherTrace, told Cointelegraph that people who have had their phone numbers leaked need to be extra cautious since a lot of fraud involving digital assets hinges on such info, adding:
“We’ve seen an increase in SIM swaps, phishing attacks and other types of fraud involving cryptocurrencies that rely on acquiring the phone numbers of victims to execute. Leaked info about the identity of high-profile crypto users gave bad actors the ability to target them.”
He went on to add that individuals who believe their crypto may be at some sort of risk need to reconsider their existing privacy strategies — basically, thinking twice before storing all their holdings in a centralized exchange that may leverage user phone numbers for two-factor authentication.
Jevans further opined that managing one’s own keys could be a better way to protect our valuables from being phished via the use of stolen phone numbers. However, he conceded that even that may not be enough. “Phishing attackers can still use other means of acquiring account and address information, but it’s much harder,” he added.
Providing a take on the matter, Ben Diggles, co-founder and chief revenue officer for Constellation — a scalable enterprise-grade blockchain creating a standard for securing data in transit — told Cointelegraph that Facebook’s latest security lapse is not surprising, especially since most users of the social media platform tend to adhere to a different mindset — i.e., they like their world to be managed and organized for them.
He added that for most users, if they forget their passwords, they can just have the system reset it for them. Not only that, in Diggles’ view, most folks using Facebook aren’t even totally aware of how big their digital footprint actually is — a facet that Facebook doesn’t make too obvious either — adding:
“Those that are crypto holders that were on the list have little to worry about unless they were storing descriptive details of their holdings and access on their Facebook account. However, these hackers have gotten really sophisticated, so I have no idea what tricks they may have [up] their sleeves with regards to scraping info specific to crypto wallets and exchanges.”
That said, as a precautionary measure, he believes that it would be best if most users change their passwords across all of their social media accounts as well as other platforms that share their data with Facebook.
Does decentralization matter?
As more data leaks continue to happen, an increasing amount of people around the world are beginning to realize the value proposition that decentralized systems put forth from a security standpoint, especially since they do not feature a single point of failure.
On the subject, Eli Arkush, a cloud solutions engineer at cybersecurity firm GlobalDots, opined that having the backend system of a platform distributed using blockchain technology might make it a bit harder on the hackers to get a hold of user info; however, once credentials fall into the wrong hands, password reuse can become an issue.
Similarly, Diggles believes that few people are educated enough to understand why decentralization actually counts, since, in theory, everything already seems fairly decentralized in their experience, at least from a digital standpoint.
He added that most people don’t know that the internet plays by its own rules and thus when he tells people about how technologies such as Brave and the Basic Attention Token work, it’s mind-blowing to them: “Most people aren’t aware of their involvement in the grander data world, and I can see why humans have been conditioned to think centralization is safer.” He added: “If users are made aware that value is being siphoned off of them every day, I think they would change behaviors quickly.”
However, Stephen Wilson, a member of the Australian government’s National Blockchain Roadmap Cybersecurity Working Group and CEO of security services provider Lockstep Group, is of the opinion that contrary to what some may believe, it’s never a good idea to save personal information on any sort of blockchain ecosystem.
He pointed out that the type of personal information breached by Facebook should never be stored in a blockchain, and even if one does, such data can never totally be protected by blockchain with any sort of long-term effectiveness. He stated further that “there are many different facets of decentralization and distributed systems,” adding:
“Blockchain and DLTs usually only decentralize some aspects of data management. They don’t usually decentralize data storage in any relevant sense because they tend to duplicate ledger entries across multiple systems. The storage is distributed, but identical copies of information are available in multiple locations and can be vulnerable to attackers or thieves.”
Crypto hacks in 2020 were centered around the DeFi space
Late last year, crypto hardware wallet manufacturer Ledger was on the receiving end of a data hack, as a result of which the private information of more than 270,000 users was leaked online. Following the incident, users started reporting extortion threats from bad actors resulting in many users even considered initiating legal action against the firm.
Furthermore, a total of 28 attacks were witnessed in relation to various prominent cryptocurrency exchanges and trading platforms in 2020, with the total sum of money being compromised as a result of these ploys amounting to around $300 million.
Related: Crypto wallets in 2021: From hot to cold, here are the options
According to a report released by CipherTrace, more than 50% of all nefarious activities in relation to the crypto market last year were linked to various decentralized finance protocols after the immense amount of growth over the past year.
In the past, most hacking schemes have, by and large, focused on stealing funds from cryptocurrency exchanges, for example, in 2014 and 2018, the amount of money compromised as a result of exchanges being hacked lay at $483 million and $875 million, respectively.
However, an increasing number of miscreants are now turning their attention to stealing user data because it provides them with unique avenues to acquire funds with relative ease. Thus, it is of utmost importance that crypto owners learn how to protect their assets, using advanced tools not to fall prey to such breach attempts.