More than a fifth of the Maltese population - 115,366 people - have had their Facebook personal information posted on a hackers' forum.
The leaked information which had been put up for sale in January, has been uploaded for free. To access the data, one only needs to register on the website and send a message on Telegram.
Although only a small fraction of the 533 million Facebook users affected by the leak, the number of people exposed in Malta puts the island in the top 10 EU countries affected.
A report published on Saturday says that the personal data-sets leaked include phone numbers, Facebook IDs, full names, locations, birth dates and biographies.
They were leaked on raidforums.com earlier on Saturday.
The leak, which has put the world’s cyber-security community on edge, constitutes a massive breach of Facebook's obligations to protect user data as stipulated by GDPR regulations. The company has so far failed to give details on its response beyond stating it patched the 'vulnerability' in 2019.
Although the database on the forum is technically based on information gathered before the 2019 patch, the slightly outdated information can still be used by hackers who wish to bypass security questions or other password protection tools.
Local authorities are yet to respond to the situation, with questions sent to the police, the Malta Information Technology Authority remaining unanswered so far.
A fifth of the EU’s population is at risk
The number of people exposed in Malta puts the country in the top 10 EU countries affected by the leak, standing at 23% of the total population.
With more than 105 million EU citizens exposed by the leak, 23.6% of the EU’s 446 million inhabitants have been affected.
EU-based data-sets account for 19.7% of the leak’s cache of 533 million users.
The only EU country with a majority of the population whose details have been put up for sale is Italy, with a staggering 59.1% of the population exposed.
This tallies to over 35 million people, by far the largest amount of data-sets to be leaked from a specific EU member state.
The Netherlands and Luxembourg follow suit, with 31.4% and 30.7% of the population affected, respectively.
The least affected countries are Bulgaria, Greece and Hungary, with just 6.2%, 5.8% and 3.9% of the population being affected by the leaks.
Just three countries from the EU were not affected whatsoever - Romania, Slovakia and Latvia.
The average percentage of total population affected by the leaks across the EU stands at 18.3%.
How did this happen?
The profile which posted the data-sets, known only by the username ‘TomLiner’, included a detailed breakdown of the number of users per affected country. In all, 106 countries have been targeted.
The website containing Facebook users’ personal data was first highlighted on Twitter by the CEO of a renowned cyber-security firm known as Hudson Rock on April 3.
On January 14, Hudson Rock CEO Alon Gal had already highlighted how Facebook had failed to close down a vulnerability that linked users’ phone numbers to their accounts, a detail which is supposed to remain hidden.
The leaks highlighted on Saturday stemmed from this original vulnerability. According to Gal, the original creator of the leaked data-sets exploited this gap.
Cyber-security experts such as Gal are sounding the alarm on the leaks, arguing that hackers can use the data that is being sold to attempt to outwit security questions on password recovery features linked to one’s account.
Such an attempt is part of a wider repertoire of hacking methods that fall under the umbrella term of socially engineered attacks.
Social engineering, in terms of information security, is defined as the psychological manipulation of people or their accounts, based on attempts to trick individuals into sharing confidential information such as credit card details.
Independent journalism costs money. Support Times of Malta for the price of a coffee.Support Us