back to article Facebook says dump of 533m accounts is old news. But my date of birth, name, etc haven't changed in years, Zuck

Reams of personal data – including phone numbers, email addresses, and birthdays – obtained from 533 million Facebook accounts was offered to all for free on a cyber-crime forum over the weekend. The data dump was flagged up by Alon Gal, co-founder and CTO of infosec startup Hudson Rock. The information – which also includes …

  1. Version 1.0 Silver badge
    Happy

    I need to look this up

    It would be interesting to find my details in the Facebook dump because I've never had a Facebook account. I tried to sign up back in the early days - using my real name and personal details - but Facebook refused to open an account because my real name sounded like a fake name to them. After several attempts to create an account they told me that they told me that they would sue me if I tried to setup an account again.

    I am so grateful to Facebook!

    1. Hipster Dufus

      Re: I need to look this up

      What's your name?

      1. Version 1.0 Silver badge
        Happy

        Re: I need to look this up

        El Reg knows but I'm not going to post it, I just looked up the domain name value of my name, it's $13,209 although it's still for sale. LOL, I'm laughing, Google shows 1,100,000 search results but less than half of them are me. I'm very happy to remain anonymous.

      2. RegGuy1 Silver badge
        Happy

        Re: I need to look this up

        My name? J R Hartley.

        I'm into phishing.

        1. Woodnag

          That doesn't fly...

          Perhaps phly phishing?

        2. Anonymous Coward
          Anonymous Coward

          Re: I need to look this up

          I did sign up for Facebook with a false name and credentials and refused to provide contact numbers. This is going to be interesting. We shall see if junk starts flying through the fake email address then I will know who point the finger at.

      3. Anonymous Coward
        Anonymous Coward

        Re: I need to look this up

        Here's a clue: his son is named Version 2.0.

        1. Juanguanomo
          Pirate

          Re: I need to look this up

          His wife is an alpha build. She wears the trousers.

    2. Fruit and Nutcase Silver badge
      Coat

      Re: I need to look this up

      There may be a few individuals out there who cannot create Facebook profiles using their real name -

      Unfortunate in having the same name, but fortunate in not being able to create a Facebook profile because they too are named "Mark Zuckerberg"

    3. Gene Cash Silver badge

      Re: I need to look this up

      > Facebook refused to open an account because my real name sounded like a fake name to them

      I got lucky the same way, even though there's a very famous singer with the same last name (and no, I'm not related).

      I've also moved away from Google Mail in case they throw the same shit-fit. I have no intention of sending Google any sort of proof or other documentation.

    4. JimboSmith Silver badge

      Re: I need to look this up

      I used a pen name on facebook when I was encouraged to sign up by friends. I used a unique email and certainly not my actual date of birth. Then thanks to the breach I received an email to the facebook only adress. There was somebody telling me they had (and providing me with a copy of) my password and as a result video of my "mucky viewing watching". After a hard laugh I deleted the email adding the from address as spam and changed my facebook password even though I hadn't used it in years and thought nothing more of it. I find it hard to believe anyone had or has any video of me from my devices. I have black electrical tape over the front cameras on all my devices and card or tape over the rear ones.

      Then a few days later my mum asked me to come round urgently as she had a problem. She'd had the same email and panicked. I got round there read the email and asked her how much she'd read of it. She said she had only got to the part about her password and called me. I got her to read the rest. She burst out laughing at the adult sites bit and said it was obviously bollocks. She asked how they had her password and I explained facebook had had a data loss.

      1. Jamie Jones Silver badge

        Re: I need to look this up

        my "mucky viewing watching". After a hard laugh

        *cough*

        1. Andy Landy

          Re: I need to look this up

          that sounds like a very dry cough, have you been tested recently? :)

      2. David Hicklin Bronze badge

        Re: I need to look this up

        I get the same email and don't even have a camera, they could make a fortune selling technology that makes video without needing a camera !

      3. mr-slappy

        Re: I need to look this up

        What mucky websites are you viewing, out of interest? (asking for a friend)

        They must be very mucky if you need to tape yourself up front and back

    5. Wyrdness

      Re: I need to look this up

      "After several attempts to create an account they told me that they told me that they would sue me if I tried to setup an account again."

      You should have let them try to sue you. The court filing would have been hilarious. "We're suing you for attempting to use a fake name which, coincidentally, just happens to be the same as your real name".

      1. Disgusted Of Tunbridge Wells Silver badge

        Re: I need to look this up

        How would they find him to sue him given he gave them a fake name ( which by coincidence is the same as his real name ).

    6. Blank Reg Silver badge

      Re: I need to look this up

      I set up an account in the early days with an obviously fake name and had no trouble. I just checked and the account it still there, in fact dozens of people have used the same fake name.

      Your name must be really weird.

      1. Jamie Jones Silver badge

        Re: I need to look this up

        I was running "Flossy T. Sheep" for ages, before I deleted it when she broke up with me!

    7. TeeCee Gold badge
      Coat

      Re: I need to look this up

      You are Jesus H. Christ and ICMFP!

  2. mark l 2 Silver badge

    Well I didn't use my real DOB when I signed up for a FB account for the reason that the same info you provide to these social media sites are the same ones that scammers will use for identity theft if they get leaked. I never use my real DOB when signing up for any website that asks for it, if they want to know my age ill give it to them, but I see no good reason why they need my exact birthday.

    1. Anonymous Coward
      Anonymous Coward

      I tried to change my broadband a few years ago to EE. They wanted to know my DOB when I applied. (Fuck off, why do you need that? You're not a bank, and if I'm a scam artist you'll just shut down my service. Fuck off.)

      Well, I told them it was 1970-01-01. I tell everyone that. They refused to accept my application. I'm so grateful to EE.

      Did I say fuck off? No? fuck off. :-)

      1. FlamingDeath Silver badge

        These silly cunts phone me up and ask me to verify my identity...

        Businesses still sailing around without a braincell

      2. David Nash Silver badge

        what are you supposed to do if your birth date is actually 1970-01-01? There must be rather a lot of people around for whom that is the case.

        1. tip pc Silver badge

          i suspect that when they tried to verify the details they couldn't find a person of that name and DoB at the given address so assumed the request was fake & rejected the application.

          plenty of people born on 01-01.

          For signing up to services like phones the government mandates the company can identify the customer hence checking name, DoB & address, if they all correlate with other sources of the same then happy days, else reject.

    2. JimboSmith Silver badge

      I have the same thoughts and very few people/companies know my DOB. However when I signed up to play the National Lottery via direct debit I tried that. The very patient girl on the phone (I had site issues - my fault) told me I had to give them my real one. if I didn't then when the came round to verify my identity in the event of a jackpot win they'd have problems and I might not get paid.

      1. Jellied Eel Silver badge

        It could be you..

        The very patient girl on the phone (I had site issues - my fault) told me I had to give them my real one.

        I had similar, although they wanted me to confirm the number on my driving licence. Which I thought was a bit odd as I'd never given it to them, and really hoped the DVLA hadn't flogged it to Camelot. It did prompt me to do a bit of digging (yey, DNS!) to check it was the real Camelot, which it seemed to be. But by that point I'd got bored with it.

        Much like Facepalm, the lottery is a mugs game given the odds of a jackpot win are worse than the odds of being hit by lightning, or I think meteorites. And if one survived those experiences, fulgurites & meteorites can probably be flogged for more than the average lottery punter's winnings. And in the interests of safety, flying a kite on a sandy beach* during a thunderstom might produce a fulgurite, but it might not be you who benefits.

        *Being the Internet, I saw a.. thing, which looked interesting, searched for more info and eventually found someone on YT who's set up a field of lightning rods in a storm prone area. They've had some success in summoning one of nature's curios.

        1. Anonymous Coward
          Anonymous Coward

          Re: It could be you..

          "who's set up a field of lightning rods in a storm prone area."

          That's also a minor plot element in the movie Sweet Home Alabama.

      2. David Nash Silver badge

        They don't need it if you buy a ticket in a store over the counter, so why do they need it if you buy the ticket online?

        1. JimboSmith Silver badge

          They don't need it if you buy a ticket in a store over the counter, so why do they need it if you buy the ticket online?

          I believe it's so that the underage don't play online. I can't remember the exact phrases she used but it's something like the following If you buy a ticket in a store then you're going to be seen by the salesperson. They can judge if you're over the age limit or can ask to see ID. They'll apparently come and visit you if you do win the jackpot wherever and however you bought your ticket.

    3. Just Enough

      None of their business

      Never, ever, use your real date of birth. Not unless it's something like your bank where it may be a legal requirement. Other websites are only interested in me "proving" I'm an adult. Or rather, covering themselves if it turns out I'm not an adult.

      The only possible downside to using a fake date of birth would be if they later ask you to verify your identity, by giving your date of birth. Then you'd need to remember what you said.

      Facebook wants it to profile you for targeted ads, and also reminding all your Facebook "friends" something that is obviously not worth remembering themselves. I can live without both.

      1. Blofeld's Cat

        Re: None of their business

        Where a memorable birth date is needed, I generally go for an "off by one" error on one or more elements.

        "Not right? Try July instead - Mobile keyboards don't like my fat fingers ..."

        1. FrogsAndChips

          Re: None of their business

          I use my dad's MMDD with my own YYYY.

  3. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    I'm not on Faecesbook either, but my old unused email address is listed in 17 breaches - it's a good job I never use my real name, DOB, address or phone number...

  4. vtcodger Silver badge

    Time for the usual security advice

    But my date of birth, name, etc haven't changed in years

    Well then. It appears to be past time to change them. Yes, all of them. And put in place a program of periodic changes. And do not use simple change patterns like stepping your middle initial by one with every update. Casual attitudes toward security simply will not do in this day and age.

    1. elDog

      Re: Time for the usual security advice

      Yes, I change my birthdate one every 1.736 months - purely random but tends towards a more recent one.

      I also use someone else's SSN (in the US). My name is Totally Fungible with access controls limited to Anonymous.

      Phone #s are drawn from the republican party congress things.

      It's a real devil logging into the Zuck-boy's FookBase but that keeps me away from his PHP minions.

      1. Chairman of the Bored
        Pint

        Re: Time for the usual security advice

        Using your congressman's phone number to catch all the phish? You are a gentleman and a scholar. Have a pint!

      2. Korev Silver badge
        Pirate

        Re: Time for the usual security advice

        > I also use someone else's SSN (in the US).

        Not many countries have nuclear submarines, won't they guess it's you?

    2. Lotaresco

      Re: Time for the usual security advice

      But my date of birth, name, etc haven't changed in years

      Well then. It appears to be past time to change them.

      Your name must be six or more characters long it cannot contain more than two consecutive characters, it must contain characters from the following categories:

      • Uppercase characters A-Z (Latin alphabet),
      • Lowercase characters a-z (Latin alphabet),
      • Digits 0-9,
      • Special characters (!, $, #, %, etc.)

      1. My-Handle Silver badge

        Re: Time for the usual security advice

        Elon Musk's ahead of the curve on this one.

      2. Lotaresco

        Re: Time for the usual security advice

        Also this remind me of the stupidity of some people who set security questions. One site asked me to choose an answer to give for a password reset request. Among the options available was "The name of your first pet." I chose that one and gave the correct answer. I then got "Answer is too short, please give a longer answer (eight characters minimum)."

        I don't think I've had any pet with a name longer than five characters. Most people seem to pick names like "Spot", "Fido", "Rover"[1] etc.

        [1] For cats at least.

        1. FrogsAndChips

          Re: Time for the usual security advice

          For these questions I generate random 20-char strings in Keepass. Can't wait to tell an operator that my first pet was called "PisZhAFEQfstPDwyoQaN".

      3. John G Imrie

        Re: Time for the usual security advice

        At least Bobby Tables will be OK

      4. jmch Silver badge

        Re: Time for the usual security advice

        This seems appropriate...

        https://m.youtube.com/watch?v=z_HmDP3lKMI

  5. Anonymous Coward
    Anonymous Coward

    Wot not even a we take your privacy seriously?

    1. Magani
      Happy

      Probably because even The Zuck has finally seen the dodgyness of openly telling blatant porkies

  6. M_Phuckerberg

    >spokesperson for Mark Zuckerberg's tech giant told us.

    >"We found and fixed this issue in August 2019."

    No. You haven't fixed 'this issue'!

    You fixed a little side-issue on your poxy surveillance site.

    *The* Issue, is that half a billion users' data has been compromised because of your immoral, unethical business model, which is based on:

    (i) extreme surveillance by a private company;

    (ii) enabling the most horrific content (*) to be disseminated to help make your huge profits. (If it brings in money, it's fine).

    *That* is The Issue.

    (*) E.g.

    Live streaming of massacres, torture and killing (of humans and animals), suicide facilitation, child abuse... and on, and on...

    All protected by Section 230 in a way that would result in conventional media publishers going out of business and their leaders being jailed.

    And, yes, you *are* a media publisher. You select and censor as suits you. That is editing. Publishing.

    Some of your policies have a strangely US-ian flavour. (Not all US-ians, obviously, but the hypocritical prudish variety)

    E.g. Guns and killing are just fine and dandy. Torture is 'freedom of expression'. But show a nipple, even one involved in breast-feeding, and you have cross FB's Morality Line.

    Zuck you, Phuckerberg!

  7. PJ H
    Facepalm

    "You can see if your profile is in this latest leak by entering your deets into [...] Have I Been Zucked."

    Because sticking your phone number in a newly created random website - who probably store the details sent - is the thing to do these days...

    (OTOH, I trust HIBP, but they don't have a search function for phone numbers. Yet.)

    1. Lotaresco

      Because sticking your phone number in a newly created random website - who probably store the details sent - is the thing to do these days...

      Plus the "Have I been Zucked" interface appears to have been created by a moron. The search box states that it accepts "Phone Number, Email Address, Full name" but the user has to select which to use in a separate drop-down list halfway down the page which is designed to be difficult to see (black box, black background, tiny dark grey down-arrow way over to the right, no explanatory text. Get it wrong and you receive a snarky comment.

      I've no concern about searching for name, phone number, or email since all of them used on FB are false as is the DOB.

    2. AndersH

      HIBP does now

      Just did a search on HIBP using a phone number. Make sure to try by the leading 0 and country code version of your phone number.

  8. Anonymous Coward
    Anonymous Coward

    Excuse me while I guffaw!

    Facebook?

    What?

    LOL

    </>smug-mode

    1. Anonymous Coward
      Anonymous Coward

      Yes, facebook.

      So you don't see any issue with the links to Twitter, Facebook, and LinkedIn on pretty much every El Reg page (e.g. the "Subscribe to our newsletter" promo which is here there and everywhere)?

      And their equivalents on many other websites?

      Then I am sorry to tell you that you have been misinformed. And tracked anyway, using your "shadow profile(s)" (look it up, it's a real actual thing) whether or not you have a Facebook account explicitly.

      1. FlamingDeath Silver badge

        Re: Yes, facebook.

        Noscript FTW

        block all the things

        If your dumb site doesnt show content without javascript, i’m moving on

        I dont suffer from FOMO

      2. iron Silver badge

        Re: Yes, facebook.

        What links to Twitter, et al? My anti-tracking software has been removing those for years.

        Undoubtedly FB have a shadow profile for me but it probably states I'm deceased since it hasn't been updated in over a decade.

  9. a_yank_lurker

    FraudBook

    As noted, most people's details have not changed much since 2019. DOB definitely not changed. Name probably not. Location probably not. Marital status probably not. Email and phone almost certainly not. And I know I have missed many more. Personal details by their nature can identify a person fairly readily if enough are known and one cares to make the effort to cross reference the details. Some of us have fairly rare surnames world wide for example. Knowing location, age, and a couple of other details might make an exact match fairly easy. John Smith might take a little more work.

    1. The Sprocket
      Facepalm

      Re: FraudBook

      I remember signing up for Facebook (business purposes) I gave them false info to shut them up. Fake DOB, no phone, and fake location. My name and email is near-everywhere anyhow, but one can't do anything with that. I don't know why people think they have to be so honest with these data slurpers. My Twatter account is even sparser, and fake-ier. LOL!

      Ready, at anytime, to pull the plug on the lot of them, frankly.

      1. vtcodger Silver badge

        Re: FraudBook

        I used to tell sites that wanted personal data for no obvious reason that my name was No Wei and my email was noway@hamsterdance.com. Worked back then. Wonder if it still does. Nowadays they probably send a email and demand a near instant response -- or else.

        Or else what?

  10. _andrew
    FAIL

    It could be worse

    The extremely clever federal government in Australia is currently debating legislation that would require "social media" sites to access 100 "points" of identification data (passport, drivers license, birth certificate etc) on creation of accounts. Exactly the same sort of stuff (and the same amount) as required to open a bank account. Notionally it's in order to "prevent anonymous online bullying", but won't it be great when this sort of data leak includes all of that extra, juicy information!

    1. JetSetJim
      Black Helicopters

      Re: It could be worse

      It's being mooted in the UK, too. Not sure how much traction it will get, as this is merely a petition initiated by Katie Price that has reached sufficient interest to trigger consideration for debate in parliament, but I wouldn't be surprised if it gets support from the Home Sec...

      1. ThatOne Silver badge
        Unhappy

        Re: It could be worse

        > Not sure how much traction it will get

        Unfortunately probably lots, because all governments just love surveillance, and who cares if the cattle's ID gets compromised? Certainly not politicians. Citizens are throwaway ware, there is always a lot more where they came from.

  11. julian.smith
    FAIL

    Oxymoron alert!

    "the extremely clever federal government in Australia" is an oxymoron

    The proposal is a dumber version of the "Australian laws trump the laws of mathematics" nonsense

    Dumb as a sack of rocks

    1. Pascal Monett Silver badge

      Re: Oxymoron alert!

      You need to upgrade your satire detector.

    2. John Brown (no body) Silver badge

      Re: Oxymoron alert!

      For some odd reason, I read Federal as Feudal.

  12. DMcDonnell

    They don't know my real info

    This is one reason that I have never given real info to the Social Media orgs.

  13. Securitymoose
    Happy

    Does anyone trust Facebook with their real details?

    I have a unique mail account for dealing with Facebook. So far there have been no attempts at scams or anything through that address.

    Telephone number? I refused to give it.

    Birthday? I lied (I must be their oldest member).

    Shoe size? Coco the Clown

    Where do I live? I choose the places with the silliest names across the world, and move between them from time to time - current location Tittybong (Australia), but I'm hoping to move to Dildo, Canada, soon.

    Yes, they can find out general information from my group memberships and website details, but as I'm an author of satire, that's free publicity isn't it?

    1. MrBanana Silver badge

      Re: Does anyone trust Facebook with their real details?

      Whatever identity obfuscation you have chosen, you're still on Facebook - so, yay!, good job, well done...

    2. onemark03

      Tittybong (Australia) and Dildo, Canada

      Or:

      https://simple.wikipedia.org/wiki/Fucking,_Austria

      1. seven of five

        Re: Tittybong (Australia) and Dildo, Canada

        They have renamed themselves recently.

        1. Anonymous Coward
          Anonymous Coward

          Re: Tittybong (Australia) and Dildo, Canada

          More cultural heritage lost.

      2. Ben1892

        Re: Tittybong (Australia) and Dildo, Canada

        That's funny, I live in Fucking, Austria too ( according to FB anyway) although they are about to change or already have changed the name because too many people steal the village sign :)

        1. seven of five

          Re: Tittybong (Australia) and Dildo, Canada

          You may want to relocate to the less obvious DE 52445 Titz.

  14. Captain Hogwash

    Interesting

    https://www.msn.com/en-in/money/news/leaked-phone-number-of-mark-zuckerberg-reveals-he-is-on-signal/ar-BB1fjNfL

    1. Pascal Monett Silver badge

      Re: Interesting

      Signal, that's the encrypted chat app.

      So El Zuck wants privacy for himself, and invasion of privacy for everyone else.

      Not surprised.

      1. Captain Hogwash

        Re: Interesting

        If that doesn't wake people up I don't know what will.

        1. ThatOne Silver badge

          Re: Interesting

          > I don't know what will

          Nothing?

          Convenience and the general herd instinct will always keep people tied to WA, no matter how bad it gets or what they hear about it. Apparently everybody around me uses it and when asked, all consider it absolutely essential, for a number of more or less fallacious reasons ("keep in touch with granny", has/is an expat family member, "all my friends/colleagues use it", and so on)...

      2. Korev Silver badge

        Re: Interesting

        I was hoping to abandon WhastApp after the T&C change debacle. The end result is that I now have lots of different messaging Apps for a minority of people and the other 80%+ still using WA...

      3. My-Handle Silver badge

        Re: Interesting

        The same man who had face recognition implemented in any photo uploaded to Facebook and was also witnessed having sticky-tape over his laptop camera in a video announcement.

  15. Anonymous Coward
    Anonymous Coward

    Read all about it.

    Startup Founder rehashes old news to raise his profile.

  16. Blackjack Silver badge

    I got lucky in the sense I never used Facebook because it wanted my real name and photos of the real me.

    1. M_Phuckerberg

      Lovely idea, but how lucky did you really get? See above about shadow profiles.

      Just because you never used Facebook that doesn't mean it never used you.

      And do you know anyone who uses Whatsapp?

      Might any of them have your details in their contacts app?

      Might they have had to reply Yes to said details being uploaded to Whatsapp / Facebook? (Clue: yes).

    2. The Sprocket

      How did you know they wanted your 'real' name? FB has no database that has your email and real name attached. You could seriously called yourself 'I.P. Daily' and gotten away with it. The only problem is your pals wouldn't recognize you.

  17. Potemkine! Silver badge

    It may be old news, but it's always a good thing to remind the social media (gullible) users that all their data can be stolen.

    1. Anonymous Coward
      Anonymous Coward

      Let me fix that for you.

      It may be old news, but it's always a good thing to remind the social media (gullible) users that all their data has been stolen.

  18. DS999 Silver badge

    I signed up for Facebook 15 years ago

    Back then they didn't require a phone number as they do now, so they don't have mine. I also gave them Jan. 1 1901 as my birthdate, so they don't have that either. So if I'm on this list, all you get is my email, and I used my "public" email I give out to businesses etc. that gets all the spam not my personal email I only share with friends.

  19. Anonymous Coward
    Anonymous Coward

    Zuck is SUCK!

  20. Anonymous Coward
    Anonymous Coward

    Fake names

    Apparently Dan Glewell is a fake name. Even though my email address is dan@glewell.com. Apparently it's rude? Well, they can swing, that's all I can say.

  21. anonymous boring coward Silver badge

    "Facebook now says "malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019"

    That's so much better! No need even to hack the system, as it was wide open! Really something to be proud of, and point out.

  22. Anonymous Coward
    Anonymous Coward

    Oldest person in the world?

    My DOB is so old I should have a large collection of birthday cards from Queen Victoria.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like