So you’re one of the 533 million in the Facebook leak. Now what?

Cyber intelligence company Hudson Rock revealed over the weekend that personal information from 533 million Facebook accounts has been leaked, including names, phone numbers, Facebook IDs, locations, account creation dates, birthdays, relationship status, biographies and, in some cases, email addresses. The breach includes data from more than 32 million accounts in the United States, 11 million in the United Kingdom and 6 million in India.

“We found and fixed this problem in August 2019,” Facebook spokesman Andy Stone told CNN on Saturday.

However, for many users, the information they had on their Facebook profile in 2019, such as phone numbers and birthdays, probably hasn’t changed in the past two years. And that means that the data can still be useful to hackers or other malicious actors.

“Although this was due to an old violation [and] this is old information, now in the public domain,” said Jeff Dennis, partner and head of the data privacy and security practice at the law firm Newmeyer Dillion. “Anyone who has basic research skills can now find this database and exploit it, which was not the case when the data was originally obtained.”

Here’s what users should know about how leaked data can be used and how to protect themselves.

How can malicious actors use the data?

The news of the leak is definitely not good. But it is also not necessarily a cause for panic.

The truth is that data breaches have unfortunately become quite common across a wide range of online services. So, unless you almost never use the Internet or mobile apps, it’s likely that a lot of your personal information is already out there, where evildoers can find it.

The types of information exposed in the recent Facebook leak are also not the most useful for hackers, unlike data such as credit card information or Social Security numbers.

“The bright side here is that this data is not so valuable for attackers to conduct any type of attack against an entity or person,” said Vikram Thakur, technical director at Symantec, a security software company that is now part of Broadcom (AVGO). “The information is not so granular that it can in any way impact someone’s identity or personal life.”

Still, there are several ways for malicious actors to exploit the leaked information.

First things first: there are websites, including haveibeenpwned.com, where users can check whether their email or phone number was potentially involved in the breach. The method is not foolproof, however, and Facebook has not said whether it will alert those whose information has been hacked, so users should be on the lookout for misuse of their data whether or not they appear on such a site.

Since the breach includes names and phone numbers, it can lead to an increase in robocalls or spam text messages (which are already a major problem). Scammers are the most obvious potential users of leaked phone number data, but technically anyone can search the database and find that information, so people may also want to be aware of the potential for other strangers to get their digits.

“In fact, it is very easy to search this data … in a few seconds, you can easily find the information of anyone who is looking for it,” said Thakur, although in a cache of 533 million records, if someone has a common name, finding their information can become more difficult.

The data can also be used to carry out social engineering attacks, such as phishing. Typically, a social engineering attack involves a bad actor impersonating a legitimate person or organization, such as a bank, company or co-worker, to steal data such as login credentials, credit card numbers, Social Security numbers and other confidential information.

Although the Facebook breach does not necessarily lead to an increase in the volume of phishing scams, the fact that so many different types of information about each user are available as a result of this hack can make such scams appear more credible and therefore more successful.

“It would be very difficult, as a user, to see through some kind of phishing campaign when they are using information that you thought was very private to you, such as information that would be found on Facebook in your bio section,” Dennis said. “Particularly, when you combine this with location information, you can see how the crooks would start using that information in a very sinister but effective way.”

How to protect yourself

The breach is a reminder that no information that users share with online services can be absolutely guaranteed to be secure and private.

“As good as our defenses are, bad guys continue to evolve faster than we can protect ourselves and faster than companies can protect information, so you just need to be aware,” said Dennis. “I wouldn’t put anything on Facebook that you wouldn’t want to put in a public database somewhere in the future.”

Affected users, and anyone whose information may have been exposed, should keep their eyes open for possible fraud or phishing scams.

A good rule of thumb, according to Thakur: “Only disclose your data when you are initiating the conversation. If someone asks you for your social security, your password, your credit card number, even your name, there is no need for you to put it anywhere … unless you are the one initiating the conversation or the transaction.”

In other words, if you receive a phone call or email from someone who claims to be from your bank, or from your doctor’s office, or from a company where you recently made a purchase, asking for confidential information, don’t give it out. Hang up. Then find a trusted phone number for that place (on the back of your credit card, on the doctor’s website, or on the official email receipt you received from the company) and call them to determine if the request was legitimate.

More generally, the situation is also a good reminder to take steps to preserve the “hygiene” of your data, as experts sometimes call it, such as using different passwords for each site, changing passwords frequently and using two-factor authentication.