Although the Malta Police Force has not received any “formal report” regarding a recent Facebook data leak, they are still “monitoring the situation”, a police spokesperson told The Malta Independent.
This comes after a report from the Business Insider revealed that 533 million Facebook users all over the world had personal data leaked online. It includes users’ phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.
Over 100,000 people in Malta were affected with this leak. Malta is among the worst affected in the EU (23% of the population), while the highest recorded leaks in European countries include Italy (59%), the Netherlands (31%), Luxembourg (30%), France (29%), Ireland (29%), Belgium (27%), Finland (25%), and Spain (23.2%).
Anyone who has access to a recent Facebook leak might engage in phishing campaigns and abuse password recovery functionalities, the police spokesperson said.
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
On the other hand, “the information available so far does not indicate that passwords were contained in this leak,” the police spokesperson said, adding that “anyone having access to this leak would not have been able to gain unauthorised access to any user accounts directly.”
However, the abuse of password recovery functionalities could still be an issue, especially for those with an unsecure password for their accounts, as they “could still result in unauthorised access to a person’s account.”
The police reiterated the importance of “having one’s account security settings up-to-date and, where possible, also have two-factor authentication activated” on Facebook and other platforms as well.
Although the spokesperson noted that the police’s power is limited in such situations, other competent authorities may look into breaches of GDPR laws.
“Malta Police’s remit is limited to any behaviour that amounts to a criminal offence. There may be an opportunity for assessment or action by other competent authorities in the case of breaches of GDPR by the platform which could give rise to administrative or civil proceedings in other fora,” the spokesperson said.