So you are one of the 533 million people in the Facebook leak. What now?

Cyber intelligence company Hudson Rock last weekend disclosed that personal information of 533 million Facebook accounts has been leaked, including names, phone numbers, Facebook IDs, locations, account creation dates, birthdays, relationship statuses, biographies and, in some cases, email addresses. The breach includes data from more than 32 million accounts in the United States, 11 million in the United Kingdom, and 6 million in India.

“We found and resolved this issue in August 2019,” Facebook spokesman Andy Stone told CNN on Saturday.

For many users, the information they had on their Facebook profile in 2019, such as phone numbers and birthdays, probably hasn’t changed in the past two years. And that means the data can still be useful to hackers or other bad actors.

“Although this was due to an old fracture [and] this is old information, now it is public in the public domain,” said Jeff Dennis, partner and head of the privacy and data security practice at law firm Newmeyer Dillion. “Anyone with basic search skills can now search that database and exploit it, which was not the case when the data was originally created.”

Here’s what users need to know about how the leaked data can be used and how to protect themselves.

How can bad actors use the data?

The news of the leak is by no means good. But it is also not necessarily a cause for panic.

The truth is that data breaches have unfortunately become quite common for a wide variety of online services. So, unless you hardly ever use the internet or mobile apps, it is likely that a lot of your personal information is already available where bad actors can find it.

The types of information exposed during the recent Facebook leak are also not the most helpful to hackers, unlike data such as credit card details or social security numbers.

“The silver lining here is that this data is not that valuable for attackers to carry out some sort of devastating attack on an entity or person,” said Vikram Thakur, technical director at Symantec, a security software company now part of Broadcom. “The information is not so detailed that it could affect someone’s identity or personal life in any way.”

Still, there are a number of ways that bad actors can misuse the leaked information.

First of all, there are websites, including haveibeenpwned.com, where users can see if their email address or phone number may have been involved in the breach. However, the method isn’t foolproof – and Facebook hasn’t said whether it will alert those whose information has been hacked – so users should be wary of potential misuse of their data whether or not they appear on such a site.

Since the breach involves names and phone numbers, it could lead to an increase in robocalls or text messages (which are already a huge problem). Scammers are the most obvious potential users of leaked phone number data, but technically anyone could search the database and find this information – so people might want to know that other strangers can get their numbers too.

“It’s actually really easy to search through this data … in a few seconds you can easily find the information of someone you’re looking for,” Thakur said, although in a cache of 533 million records, if someone has a common name, finding their information can be more difficult.

The data can also be used to carry out social engineering attacks, such as phishing. A social engineering attack usually involves a bad actor who impersonates a legitimate person or organization, including a bank, company, or colleague, to steal data such as credentials, credit card numbers, social security numbers, and other sensitive information.

While the Facebook breach does not necessarily lead to an increase in phishing attempts, the fact that so many different types of information are now available about each individual user as a result of this hack may make such attempts appear more credible, and thus more successful.

“It would be very difficult as a user to look through some sort of phishing campaign when they are using information that you thought was very private to you, such as information that could be found on Facebook in your bio area,” Dennis said. “Especially when you combine it with location data, you can see how bad guys would start using this information in a very sinister but effective way.”

How to Protect Yourself

The breach is a reminder that no information that users share with online services can ever be absolutely guaranteed to be safe and private.

“As good as our defenses are, the bad guys keep evolving faster than we can protect ourselves and faster than companies can protect the information, so you just have to be aware of it,” Dennis said. “I wouldn’t put anything on Facebook that you wouldn’t want to put in a public database somewhere.”

Affected users and anyone whose information could have been exposed should keep their eyes peeled for potential scams or phishing attempts.

A good rule of thumb, according to Thakur: “Only provide your information if you are the one initiating the conversation. If someone asks you for your Social Security, your password, your credit card number, even your name, it is not necessary. can place it anywhere … unless you’re the one initiating the conversation or transaction.”

In other words, if you receive a call or email from someone claiming to be from your bank, your doctor’s office, or a company where you’ve recently shopped, asking for sensitive information, don’t hand it over. Hang up. Then find a trusted phone number for that place – from the back of your credit card, the doctor’s website, or the official email receipt you received from the company – and call them to determine if the request was legitimate.

More generally, the situation is also a good reminder to take steps to maintain good data “hygiene,” as experts sometimes call it, such as using different passwords for each website, changing passwords regularly, and using two-factor authentication.
