So, you are one of the 533 million in the Facebook leak. What now?

Cyber intelligence company Hudson Rock revealed this weekend that personal information from 533 million Facebook accounts was disclosed, including names, phone numbers, Facebook IDs, locations, account creation data, birthdays, relationship status, biographies, and in some cases, email addresses. The breach includes data from more than 32 million accounts in the United States, 11 million in the United Kingdom and 6 million in India.

“We found and fixed this issue in August 2019,” Facebook spokesman Andy Stone told CNN on Saturday.

However, for many users, the information they had on their Facebook profile in 2019, such as phone numbers and birthdays, probably hasn’t changed in the last two years. And that means that the data could still be useful to hackers or other bad actors.

“Although this was due to an old violation [and] this is old information, now available in the public domain,” said Jeff Dennis, partner and head of the privacy and data security practice at law firm Newmeyer Dillion. “Anyone with basic search skills can now go and find that database and exploit it, which was not the case when the data was originally taken.”

Here’s what users should know about how leaked data could be used and how to protect themselves.

How could bad actors use the data?

The leak news is definitely not good. But it is also not necessarily a cause for panic.

The truth is that data breaches have unfortunately become quite common for a wide range of online services. So, if you use the internet or mobile applications at all regularly, it’s likely that a lot of your personal information is already where bad actors might find it.

The types of information exposed in recent Facebook leaks are also not the most useful to hackers, as opposed to data such as credit card information or social security numbers.

“The bottom line here is that this data is not so valuable to attackers to carry out any convicted attack against an entity or person,” said Vikram Thakur, technical director at Symantec, a security software company that is now part of Broadcom (AVGO). “Information is not so granular that it can somehow affect someone’s identity or personal life.”

However, there are a number of ways in which bad actors could exploit the information disclosed.

First things first: there are websites, including haveibeenpwned.com, where users can check whether their email or phone number was involved in the breach. However, the method is not infallible – and Facebook has not said whether it will alert those whose information has been hacked – so users should watch for misuse of their data, whether or not they appear on such a site.

Because the violation includes names and phone numbers, it could lead to an increase in phone calls or text messages (which are already a huge problem). Scammers are the most obvious potential users of leaked phone number data, but technically anyone could search the database and find this information – so people might also want to be aware of the potential for other strangers to get their numbers.

“In fact, it’s very easy to search for this data … in seconds, you can easily find the information you’re looking for,” Thakur said, though in a cache of 533 million records, if anyone has a common name, finding their information could become more difficult.

The data could also be used to carry out social engineering attacks, such as phishing. Typically, a social engineering attack involves a malicious actor impersonating a legitimate person or organization, such as a bank, company, or co-worker, to steal data such as login credentials, credit card numbers, Social Security numbers and other sensitive information.

Although the violation on Facebook will not necessarily lead to an increase in the volume of phishing attempts, the fact that so many different types of information about each user are available as a result of this hack could make such attempts seem more credible and so more successful.

“It would be very difficult, as a user, to see through a kind of phishing campaign when you use information that you thought was very private to you, such as information that could be found on Facebook in your biography section,” Dennis said. “In particular, when you combine them with location information, you can see how bad they would start using that information in a very sinister but effective way.”

How to protect yourself

The breach is a reminder that no information users share with online services can ever be guaranteed to be secure and private.

“As good as our defenses are, bad guys keep evolving faster than we can protect ourselves and faster than companies can protect information, so you just have to be aware,” Dennis said. “I wouldn’t put anything on Facebook that you wouldn’t want to be put in a public database somewhere on the line.”

Affected users and anyone whose information could have been exposed should keep their eyes peeled for potential scams or phishing attempts.

A good general rule, according to Thakur: “Offer your information only when you are the one initiating the conversation. If someone asks for your social security, password, credit card number, even your name, there’s no need for you to put it anywhere … unless you’re the one initiating the conversation or transaction.”

In other words, if you receive a phone call or email from someone who claims to be from your bank or your doctor’s office, or from a company you recently bought from, requesting sensitive information, don’t give it. Hang up. Then find a trusted phone number for that organization – on the back of your credit card, on the doctor’s website, or on the official email receipt you received from the company – and call them to determine if the request was legitimate.

More generally, the situation is also a good reminder to take steps to keep your data “hygienic,” as experts sometimes call it, such as using different passwords for each website, changing passwords frequently, and using two-factor authentication.
