So you’re one of 533 million in the Facebook leak. What now?

So you’re one of 533 million in the Facebook leak. What now?

by
The cyber intelligence firm Hudson Rock this weekend revealed that personal information from 533 million Facebook accounts was leaked, including names, phone numbers, Facebook IDs, locations, account creation dates, birthdays, relationship statuses, bios and in some cases email addresses. The breach contains data from more than 32 million accounts in the United States, 11 million in the United Kingdom and 6 million in India.

“We found and fixed this issue in August 2019,” Facebook spokesman Andy Stone told CNN on Saturday.

For many users, information they had on their Facebook profile in 2019, such as phone numbers and birthdays, has probably not changed in the past two years. And that means the data could still be useful to hackers or other bad actors.

‘Although it was due to an old offense [and] it’s old information, now it’s in the public domain, “said Jeff Dennis, partner and head of privacy and data security practice at law firm Newmeyer Dillion. Anyone who has basic search skills can now find and exploit the database, which was not the case when the data was originally taken. ‘

Half a billion Facebook users' information is posted on the hacking website, cyber experts say

Here’s what users need to know about how the leaked data can be used and how to protect themselves.

How can bad actors use the data?

The news about the leak is definitely not good. But it is also not necessarily a cause for panic.

The truth is that data breaches have unfortunately become quite common for a wide range of online services. So, unless you’re almost using the internet or mobile applications, it’s likely that a lot of your personal information is already there where bad actors can find it.

The types of information exposed in the recent Facebook leak are also not the most useful for hackers, unlike data such as credit card information or social security numbers.

“The silver lining here is that this data is not as valuable to attackers as carrying out any damning attack on an entity or person,” said Vikram Thakur, technical director of Symantec, a security software firm now part of said. Broadcom (AVGO). “The information is not so fine that it could in any way affect your identity or personal life.”

Yet there are a number of ways in which bad actors can exploit the leaked information.

The first thing is the first: there are sites, including haveibeenpwned.com, where users can see if their email or phone number may have been involved in the violation. However, the method is not infallible – and Facebook did not say whether it would warn those whose information was hacked; users should therefore be on the lookout for possible misuse of their data, regardless of whether they appear on such a website.
Because the violation contains names and phone numbers, it can lead to an increase in robo-calls or text messages (which is already a big problem). Scammers are the most obvious users of leaked phone number data, but technically anyone can search the database and find this information. People may also want to be aware of the possibility that other strangers may get their numbers.

“It’s actually very easy to search through this data … within seconds you can easily find someone’s information you’re looking for,” Thakur said, although someone has a common name in a 533 cache million plates. finding their information can become more difficult.

Here's how to see if your Facebook account is one of the half a billion violated
The data can also be used for attacks on social engineering, such as phishing. Usually, an attack on social engineering involves a bad actor following a legitimate person or organization, including a bank, company or colleague, to steal data such as credentials, credit card numbers, social security numbers and other sensitive information.

While the Facebook breach will not necessarily lead to an increase in the number of phishing attempts, the fact that so many different types of information are available about each user as a result of this hack may make it appear more credible, and therefore more successful .

“It would be very difficult for a user to see through a kind of phishing campaign when they use information that you think was very private to you, such as information that would be found on Facebook in your bio section,” Dennis said. . “When you combine it with location information, you can especially see how bad guys would use this information in a very sinister but effective way.”

How to protect yourself

The breach is a reminder that there can never be an absolute guarantee that information shared by users with online services is secure and private.

“Just as well as our defense, the bad guys continue to evolve faster than we can protect ourselves and faster than companies can protect the information, so you just have to be aware of that,” Dennis said. “I would not post anything on Facebook that you would not want to post somewhere in the public database.”

Affected users, and anyone whose information may have been exposed, should keep an eye out for possible scams or phishing attempts.

According to Thakur, there is a good rule of thumb: “Only give out your information when you start the conversation. If someone asks you for your social security, your password, your credit card number, even your name, it is not necessary. to put in anywhere … unless you’re the one starting the conversation or the transaction. ‘

In other words, do not hand it over if you receive a call or email from someone pretending to be from your bank or your doctor’s office, or from a company that you recently asked for sensitive information. . Hang on. Then look for a reliable phone number for the location – on the back of your credit card, the doctor’s website or the official email proof you received from the company – and call them to determine if the request is legal.

More generally, the situation is also a good reminder to take steps to preserve your data ‘hygiene’, as experts sometimes call it, such as using different passwords for each website, changing passwords frequently and using two-factor authentication.

.Source