- The development comes after the widely reported Facebook data breach that leaked information of 53 million users worldwide.
- The claimed data breach reportedly includes the personal information of over 6 million users in India.
- CERT-In has advised Facebook users to make their accounts secure bu changing their data to Private or Friends Only.
The government's cybersecurity organisation, Computer Emergency Response Team (CERT)-In, has issued a public advisory asking Indian Facebook users to secure their account information. The development comes Facebook data breach that leaked information of 53 million users worldwide including 6 million Indians that was widely reported earlier this month.
The claimed data breach reportedly includes the personal information of over 6 million users in India. Security researchers have warned that the leaked data can be used to commit fraud by impersonating a person as the leaked data dump includes phone numbers, full name, location, email, and other information. CERT-In, which is the national technology arm that tackles cyberattacks and guards Indian cyberspace, has advised users to strengthen their Facebook accounts by suggesting a few measures.
CERT-In recommended that users consider changing their profile settings to Private or Friends Only as against settings that are open to Public that make it more susceptible to scraping. It noted that public information can be used to match and combine with data from other breaches to access even more of their personal information and accounts.
"As the Facebook platform evolves and grows, parts of your account could be public. Data could also be collected and shared in ways you don't know about," CERT-In said in a public advisory. The advisory encouraged users to follow good cyber hygiene practices and further noted that Facebook has advised individuals to make sure that their privacy settings reflect what information they want to share publicly and who they want to be able to look at them by phone number.
Earlier this month Facebook in a blog post noted that the malicious actors did not hack its system but scraped data through its platform which it refers to as automated software lifting public information from the internet that can end up being distributed online forums like this. "It is important to understand malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019," the social media giant noted.
Facebook said that vulnerability was discovered in 2019 that allowed phone numbers of millions of users to be scraped from Facebook servers. It said that the vulnerability was patched in August 2019. According to Facebook, the scraped information does not include financial information, health information, or passwords. Earlier this week CERT-In alerted the WhatsApp users about multiple vulnerabilities that were discovered in the app and can lead to a serious breach of information.