Cyber SecurityInformation Technology

CERT-In responds to the Facebook data breach, issues advisory

CERT-In has responded to the recent Facebook data breach. It has issued an advisory to protect the interests of Indian users of Facebook. Earlier, this month, reports confirmed that around the breach affects around 500 million users. These numbers include around 6.1 million Indian users of Facebook.

The Advisory

Through the advisory, CERT-In has asked Indian users of Facebook to secure their profile on the social media giant’s platform.

Providing the details of the breach, it has stated that the leaked information includes email addresses, profile ID, full name, job occupation, phone numbers and birth date. However, Facebook has clarified that the financial information, health information, and passwords of users are safe.  

As per the advisory, data scrapers may use “public” information of an individual to “match and combine with data from other breaches to access even more of their personal information and accounts,”. It recommends users to consider changing their profile settings to “private” or “friends” only.

It has also asked users to change their privacy settings on Facebook, such as who can find and contact them, and whether they should set them all to “friends” or stricter for better protection.

Lastly, users were urged to practise good cyber hygiene, and Facebook has informed users to “make sure that their privacy settings represent what details they want to share publicly and who they want to be able to look at them by phone number,” according to the advisory.

Facebook’s response to the data breach

Facebook has been laying low since the time the news of this breach surfaced online. Yesterday, it was reported that Facebook plans to ‘normalize’ security concerns in light of this massive ‘data scrapping’ exercise.

The Company states that it has conducted an investigation and concluded the breach only exposes ‘old data’ dating prior to September 2019. The hackers have used Facebook’s “contact importer” feature to scrape the information. Facebook has advised users to enable two-factor authentication (2FA) for better security.

However, readers must note that although the vulnerability might have become old and patched, but the user data is largely going to remain same. The personal nature of data, available online, will inadvertently allow cyber criminals to misuse the data and scam people. Further, because the data set also contains email addresses, hacking attempts could be made. Given the volume of personal data leaked, it becomes imperative that Facebook does more than just patching the vulnerability. It should inform the users and ask them to take steps to safeguard their data.


Do subscribe to our Telegram channel for more resources and discussions on technology law and news. To receive weekly updates, and a massive monthly roundup, don’t forget to subscribe to our Newsletter.

You can also follow us on InstagramFacebookLinkedIn, and Twitter for frequent updates and news flashes about #technologylaw.

Rajat Chawda

Rajat is a student at the Institute of Law, Nirma University. Since a young age, he was fascinated by the technological advancements and his fascination with gadgets has helped him develop a keen interest in TMT Laws in his journey as a law student. He is associated with Mylawrd to further engage himself and learn in this area.

Share your thoughts!

This site uses Akismet to reduce spam. Learn how your comment data is processed.