
Mass Data Leaks, Twitter Throttling as the Start of Censorship in Russia, and Other Cybersecurity News
We have assembled the week’s most important cybersecurity news.
- Data for more than 533 million Facebook users and 500 million LinkedIn users were leaked.
- Experts explained how Roskomnadzor throttles Twitter.
- The European Commission and a number of EU organisations were hacked.
Data for more than half a billion Facebook users leaked
At the end of last week, personal data for more than 533 million Facebook users was published on a hacker forum.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Among the leaked data are phone numbers, full names, dates of birth, biographical details, location information, and more. The authenticity of the database was confirmed by journalists from Business Insider, who checked part of the data.
According to experts, the leak affected millions of people across 106 countries, including nearly 10 million Facebook users in Russia.
The leak had first been detected in January, when advertising for a Telegram bot offering Facebook users' numbers for purchase was discovered.
Analysts suggested the hackers exploited a Facebook vulnerability tied to the “Add Friend” feature in 2019. It allowed access to phone numbers linked to each Facebook account, though the bug has long since been fixed.
Facebook confirmed that the data in question were scraped up to September 2019.
“This is a common tactic that frequently uses automated software to extract publicly available information from the Internet,” the company noted.
Facebook believes the data were scraped from user accounts via the Contacts import feature.
Bleeping Computer emphasised that even if the current dataset is from 2019, phone numbers and email addresses typically do not change for many years, making them valuable for attackers.
Have I Been Pwned added the data from the leak to its database. Users can check whether their email addresses and phone numbers appear in the leaked dataset.
Experts have determined exactly how Twitter is throttled in Russia
The Censored Planet project studied how Russian authorities manage to slow Twitter traffic.
Experts noted that this incident marks the first known attempt by the Russian government to throttle rather than block social networks to pressure them:
“Moreover, this marks a shift from the previously decentralised model of censorship controlled by internet providers to a more centralised model that gives authorities vast powers to impose the desired restrictions.”
They confirmed that the devices used for threat countermeasures (TSPU) operate through DPI technology. These devices allow the traffic of a specific service to be singled out from general traffic and slowed down.
“TSPU is controlled directly and remotely by Roskomnadzor, not by individual internet providers, which brings the censorship architecture in the country closer to centralised models in China and Iran,” the researchers noted.
Roskomnadzor throttles Twitter to 100-150 kbps. The throttling affects not only audio, photo or video content but also the domains hosting files essential for the service’s operation.
One of the report’s authors, Leonid Evdokimov, told Meduza that deploying DPI equipment “clearly brings Roskomnadzor closer to a sufficiently effective solution to block Telegram, VPNs, Tor and other censorship-threatening apps.”
“Shutting down Twitter was never the main objective. Twitter was the ‘lab rat’ for Roskomnadzor to test how well their new equipment and strategy work,” Bloomberg quoted Evdokimov as saying.
This week, Roskomnadzor extended the throttling of Twitter traffic until May 15.
Data of Dom.RF bank customers leaked
Criminals put up for sale the data of Russians applying for loans with the Dom.RF bank. A bank spokesperson confirmed the breach.
The database contains almost 105,000 records. Among other things, it includes phone numbers and email addresses, full names, dates of birth, passport data, INN, addresses and other information.
Full access to the database costs 100,000 rubles. Individual records from 2021 sell for 15 rubles each, those from the second half of 2020 for 10 rubles, and those from the first half of 2020 for 7 rubles.
The European Commission and several EU bodies hacked
The European Commission described a March cyberattack on its own infrastructure and that of several other European organisations.
No “serious data breaches” have been detected so far, though the investigation is still at an early stage and no final information is available, notes Bleeping Computer.
Experts found that Mark Zuckerberg uses Signal
During an analysis of the leaked Facebook user database, security researcher Dave Walker uncovered data about the founder of the social network, Mark Zuckerberg.
Regarding the #FacebookLeak, of the 533M people in the leak — the irony is that Mark Zuckerberg is regrettably included in the leak as well.
If journalists are struggling to get a statement from @facebook, maybe just give him a call, from the tel in the leak? 📞😂@GazTheJourno pic.twitter.com/lrqlwzFMjU
— Dave Walker (@Daviey) April 3, 2021
From the phone number, he also deduced that Zuckerberg uses the privacy-focused Signal messenger.
“Another twist: Mark Zuckerberg also respects his privacy by using an app that has end-to-end encryption and is not owned by Facebook,” wrote Walker.
Signal representatives responded, stating that Zuckerberg is setting an example for all as the new WhatsApp privacy policy comes into effect.
With the May 15th WhatsApp Terms of Service acceptance deadline fast approaching, Mark leads by example: https://t.co/Mt5YksaAxL
— Signal (@signalapp) April 6, 2021
Hackers put up for sale a database containing data of 500 million LinkedIn users
Following the Facebook incident, hackers put up for sale a database containing data of 500 million LinkedIn users.
The company said this was not a data breach: the information is publicly available, and the database includes data from several sites.
According to researchers, the seller valued it at a four-figure sum, with payment presumably in Bitcoin.
Russia’s Security Council rejects accusations over the SolarWinds attack
Security Council Secretary Nikolai Patrushev told Kommersant that the United States’ accusations that Russia was behind SolarWinds are unfounded.
“This is another blanket accusation. Our state has nothing to do with this breach. We do not rule out that hackers, whether living in Russia or holding Russian citizenship, may participate in various cyber operations, but the state is not involved,” he said.
As a reminder, the SolarWinds attack gave hackers access to U.S. government systems and numerous companies.
Also on ForkLog:
- Data of 4.8 million Paxful users was exposed publicly.
- Following Twitter, a Russian court fined TikTok 2.6 million rubles.
- GitHub servers were used to mine cryptocurrency.
- DeFi project Force DAO was attacked after launch.
- Signal added support for the cryptocurrency MobileCoin in beta.
- Hackers demanded $40 million in cryptocurrency from an American school district.
- Bitcoin extortionists attacked industrial facilities through a VPN server vulnerability.