In the last few days, rumors have spread that more than 500 million Facebook users had their data leaked, mostly sensitive information such as personal phone numbers and email addresses.
Facebook's initial response was that the data breach was previously reported in 2019 and that the company patched the underlying vulnerability in August.
As Facebook eventually explained in its Tuesday blog post, the recent leak of 533 million records is an entirely different data set, one that attackers created by abusing a flaw in Facebook's address book contact import feature.
Data sets circulating in criminal forums are often mashed together, adapted, recombined, and sold off in different chunks, which can account for variations in their exact size and scope. If all of this feels confusing, it's because Facebook went days without giving a substantive answer and has left open some degree of confusion.
But for those affected, this may not seem like a big deal. Attackers could simply run through every possible international phone number and collect data on hits. But the Facebook bug provided bad actors with the missing connection between phone numbers and public information like names and email addresses.
This is not the first time something like this has happened, and it surely won't be the last. The underlying problem goes all the way back to the root: a centralized system that holds all of its users' data.
The possibility of exploiting a single vulnerability to access hundreds of millions of users' data can attract the attention of hackers and bad actors, who in a negligible amount of time can get hold of one of the world's biggest data pools.
The progressive shift to decentralization and the adoption of smaller data-pool solutions can mitigate the problem, and even eliminate it.
When the effort of hacking a single device or service can only bring in the data of a single user, it is no longer worth the time spent, and the chances of a global attack decrease dramatically.
For an in-depth explanation of the Facebook data leak, read the full story on Wired.