For anybody who has even the slightest interest in digital privacy, this Easter long weekend was probably spent reading about (or hands-on researching) the Facebook data dump situation, with over 530 million user records going public.
After the initial announcement of the data dump appearing online, made by an Israeli cyber security researcher @UnderTheBreach on the 3rd of April, the media all around the world began reporting on “the Facebook hack”.
In reality there is no evidence (at least for now) of any hacking incident at Facebook. While the company did not officially comment on the revelations, high-level Facebook employees say that the leaked records are “old data”, related to a vulnerability that was identified and fixed in August 2019.
The vulnerability allowed users’ data to be scraped without their knowledge, often bypassing the privacy settings applied to their accounts. This means that although Facebook did not intend to make the profile information public, and although it was hidden from regular users, the data was still accessible to automated crawlers and scrapers.
The leaked records include: phone numbers, Facebook IDs, name and surname on the account, locations, email addresses (only in some cases), dates of birth (also only in some cases), account creation / update dates, employment details, relationship status, spouse name (in some cases) and whatever details people disclosed in their bio information.
Because the revealed content depends on whatever details the users themselves supplied to Facebook, not every breached profile presents a complete data set, and not all are equally rich in information.
Also, not every single Facebook account has been scraped in this way, so it’s not the case of a complete leak with 100% of FB accounts – although it’s pretty bad, when you consider that Mark Zuckerberg’s own phone number was included in the dump.
The size of this data dump is enormous – 106 countries, over 533 million users. Certain countries (for example the African ones) are grouped together in merged data sets, while others (like the US) have multiple files due to the huge volume of records.
Here I want to focus on a very narrow slice of this material – Ireland and the Irish users.
Somebody has already made a searchable lookup database: https://haveibeenzucked.com/