Security News
Reams of personal data - including phone numbers, email addresses, and birthdays - obtained from 533 million Facebook accounts was offered to all for free on a cyber-crime forum over the weekend. The information - which also includes people's names, marital status, occupation, and location - was siphoned from Facebook in 2019 via a security weakness in the platform.
Reams of personal data - including phone numbers, email addresses, and birthdays - obtained from 533 million Facebook accounts was offered to all for free on a cyber-crime forum over the weekend. The information - which also includes people's names, marital status, occupation, and location - was siphoned from Facebook in 2019 via a security weakness in the platform.
Data breach notification service Have I Been Pwned can now be used to check if your personal information was exposed in yesterday's Facebook data leak that contains the phone numbers and information for over 500 million users. Troy Hunt has added the leaked data to his Have I Been Pwned data breach notification service to help users determine if a Facebook member's data was exposed in the leak.
The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free. The sold data included 533,313,128 Facebook users, with information such as a member's mobile number, Facebook ID, name, gender, location, relationship status, occupation, and email addresses.
Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices. "They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries," Facebook's Head of Cyber Espionage Investigations, Mike Dvilyanski, and Head of Security Policy, Nathaniel Gleicher, said.
A critical vulnerability in the official Facebook for WordPress plugin could be abused to upload arbitrary files, essentially leading to remote code execution, according to a warning from security researchers at Wordfence. Formerly known as Official Facebook Pixel, the Facebook for WordPress plugin is used on more than 500,000 sites, allowing administrators to capture actions that visitors take when interacting with the page.
Facebook has taken on a group of hackers in China that target the Uyghur ethnic group with cyberespionage activity. The hacking group, known as Earth Empusa or Evil Eye, was targeting activists, dissidents and journalists involved in the Uyghur community, primarily those living abroad in Australia, Canada, Kazakhstan, Syria, Turkey and the United States, among other countries, by using fake Facebook accounts for fictitious people sympathetic to the Uyghur community.
Backblaze has removed Facebook tracking code accidentally added to web UI pages only accessible to logged-in customers. Backblaze discovered the issue after receiving user reports on March 21 that pages on the B2 web UI were sending file names and sizes to Facebook.
Facebook took down accounts used by a Chinese-sponsored hacking group to deploy surveillance malware on devices used by Uyghurs activists, journalists, and dissidents living outside China. The hacking group tracked as Earth Empusa or Evil Eye used the now disabled Facebook accounts to send links that redirected their targets to malicious websites under their control in watering hole attacks.
Facebook's threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely use iPhone and Android malware to hit journalists, dissidents and activists around the world. The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two major mobile platforms.