NPC awaits FB Philippines statement on reported breach of 879,699 Filipino accounts

Gelo Gonzales
The privacy commission reiterates need to change passwords, activate two-factor authentication

Facebook Philippines has yet to issue a statement on the breach of Filipino accounts, allegedly 879,699 in all. The figure is part of a global Facebook breach reportedly affecting 533 million Facebook users from 106 countries, exposing phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses. 

The National Privacy Commission on Monday, April 5, issued a statement that they have reached out to Facebook Philippines’ data privacy officer “to gather more information on the matter.” 

So far, emails being sent to the global press from the company say that the data set figuring in the breach is “old data that was previously reported on in 2019” and that the security issue that allowed the breached was “found and fixed in August 2019.” 

While Facebook calls the data “old,” the danger has increased for those whose accounts and information are included in the breach, with the data being more readily accessible in an online hacking forum. 

Alon Gal, who had first discovered the stolen database, told Business Insider: “A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts.” 

Two senior staff of CNN Business had reported finding their phone numbers on the said database.

In the same article, ethical hacker Rachel Tobac told them the data being all in one place and easily accessible will “make social engineering quicker and easier.” 

Jason Kint, CEO of trade association Digital Content Next and outspoken critic of Google and Facebook, emphasized again the need for “heightened regulations.” He also criticized the US FTC and Congress for protecting the leadership at the tech giants with settlements that amount to billions of dollars but do not deal with “the core issues at the company.” 

“As we await more answers, we highly encourage Facebook users to be more cautious online. We reiterate the need for the regular changing of passwords and the activation of two-step authentication of accounts to safeguard their personal information,” said the NPC in its statement.

We have also reached out to Facebook Philippines for a statement, and whether they have notified affected data subjects. – Rappler.com

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.