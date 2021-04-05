The personal data of almost 165,000 Murcian They were exposed after the latest Facebook security breach, which affected 11 million profiles in Spain alone. This was verified by the data protection specialist Samuel Parra, from the firm Égida, who highlights the value of the leaked data.

“Although the files with the leaked information do not contain access passwords, they do contain the phone number associated with the profile and in some cases the email. In addition to this information, location appears, so it is possible to detect in the list of the 11 million profiles which are from Murcia, “he says. The filtered data includes, in addition to the phone number, Facebook’s unique identifier, full name, location, previous location, date of birth, email addresses, account creation date, relationships and biography.

Among the 164,758 profiles filtered and affected by this gap, there are members of the regional government, as well as other regional and national personalities, “who given their position could be a specific target of fraud related to identity theft”, highlights the expert.

Risk of scams and identity theft



As Parra warns, this data could be used to carry out attacks on affected users: “Although it is true that the affected data is not particularly sensitive, the fact that it is possible Linking a profile with a mobile phone number can lead us to various dangerous scenarios: on the one hand, because those users who wanted to go unnoticed on Facebook behind a pseudonym can now be linked to a phone number; and on the other, because it will be possible to direct social engineering attacks, such as ‘vishing’, a type of fraud carried out through a phone call to the victim impersonating a third party ”.

Until now, Facebook has not issued an official statement nor has it notified affected users, something that according to Parra could be contrary to data protection regulations: «The General Data Protection Regulation imposes the obligation to inform the Spanish Data Protection Agency and the affected users of the existence of a breach of security that could pose a high risk to their rights and freedoms, which happens in this case especially due to the leakage of the phone number.

The security recommendations in these cases suggest modifying the password to access the profile and be especially attentive to possible calls or messages that we may receive on our mobile phones, never providing third parties with these phone calls or access credentials or information about our cards. credit or bank accounts.

A 2019 leak



The origin of the problem dates back to August 2019, when a vulnerability was discovered in Mark Zuckerberg’s social network that allowed access to private data, such as the phone number associated with the profile. At that time, no data leaks were reported as a result of this vulnerability.

But it was recently when an Israeli computer security expert, Alon Gal, warned that he had detected that since January 2021 files with the stolen information had been circulating through various closed groups of hackers. Now, These batches of data have been posted on the Internet available to anyone that you know where to look. The leaked files are organized by country; Each file contains the data of thousands or millions of affected users, thus, in the case of Spain there are 11 million profiles compromised.