The Italian Data Protection Authority (the “Authority”) intervened following the incidents of data theft that occurred in recent days detrimental to the social networks Facebook and LinkedIn.
The first days of April were critical for the two American giants, Facebook and LinkedIn, as they became the target of the so-called web scraping, in other word the extraction of data from a hacked website, followed by the disclosure of personal information.
About 500 million users for each social network have been affected by the theft, all over the world.
Facebook : The cyber-attack against Facebook caused the free-of-charge and unlawful dissemination of the personal data of about 533 million users within a famous hacker forum. Such number is equal to 20% of the total subscribers, 36 million of which are Italian.
The cyber-theft concerned the personal data that users usually enter about themselves, in particular: name, surname, gender, telephone number, place and date of birth, employment, romantic relationship status, and e-mail address.
On April 6, 2021, the Authority asked Facebook to immediately make available a service that allows Italian users to check whether the data relating to the telephone number and e-mail address had been violated.
Indeed, it is known that through the disclosure of such data, it is possible to carry out a series of illegal operations, for example by using them to access certain online services, including WhatsApp, and to engage in further fraudulent conduct through identity theft.
At the same time, the Authority recalled that the use of illegally acquired data is prohibited by the privacy legislation and reminded users to pay attention to any anomalies connected to their telephone number and to be wary of any message that may include requests for information and / or monetary, even if they come from acquaintances.
LinkedIn : A few days after, LinkedIn was also the victim of a cyber-attack, as a result of which the data of 500 million users - out of a total of ca. 740 million subscribers - were put up for sale on a hacking forum. Also in this case, the personal data were shared, i.e. e-mail address, telephone number, information relating to work activities, etc.
Therefore, on April 8, 2021, the Authority intervened declaring the opening of an investigation against LinkedIn and alerting the users to be careful about potential unusual requests.
* * * * * * *
Awaiting further details, it is recommended to pay attention to the Italian Data Protection Authority’s advice and change the passwords used to log into social networks.