If you are a Facebook user, be careful: your mobile number and your email address could have been leaked online. That is what has happened to 533 million users, whose personal data has been stolen and leaked for free on the internet.
The danger is enormous, since anyone can obtain this data and use it, for example, to impersonate those users. The theft affects users in 106 countries, and the leaked information includes Facebook identifiers, mobile numbers, addresses, biographies and, in some cases, the email address.
Almost 11 million Spanish users affected by the theft
Facebook says that the vulnerability that caused this massive data theft was already corrected in August 2019 and that this is “old data”, but the amount of leaked data is still enormous, and the fact that it is still valid makes it a real threat to all those affected.
Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.
Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.
– Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Troy Hunt, a cybersecurity expert known for managing the Have I Been Pwned site, noted that he found 2.5 million email addresses in that data theft: although that is a small percentage compared to the magnitude of the theft, it is still a lot of email addresses.
That information, as he explains, can be used for phishing attacks, where having the victim’s email and phone number is enough for cybercriminals.
As Alon Gal, head of the cybersecurity company Hudson Rock, explained, almost 11 million users in Spain (10,894,206 specifically) are part of this leak, while the most affected countries are Egypt (44.8 million), Tunisia (39.5 million), Italy (35.6 million) and the United States (32.3 million).
The discovery has been causing scares for a few months: in January a Telegram bot appeared that, when given a Facebook ID, returned the phone number associated with that ID if there was a match.
Where did they get this data and how?
The data had already surfaced in June 2020, when a member of a hacking forum put it up for sale. Unlike that post, this time the data was available for free and anyone could easily decipher it with well-known tools in the field of cybersecurity.
An example of the leaked data.
The data appears to come from a theft that occurred in April 2019 and that researchers at the security firm UpGuard discovered. The data was available on a public server that took months to be patched.
The 146 GB file contained nearly 540 million records and was one of the largest in a troubling history of data theft on Facebook.
Just the previous month it had been discovered that Facebook stored passwords for hundreds of millions of accounts in plain text, and although only company employees had access to that file, the discovery was disturbing.
Changing passwords and enabling two-step authentication can prevent many future scares
Hunt has already included those email addresses in his database, so it doesn’t hurt to visit his website, enter our email address in the search box and find out whether that address is part of the data theft.
If so, the recommendation is to change the Facebook password and even that of the email account (a good password manager helps to simplify and secure that process) and add two-step authentication to those accounts (and to other services that are important to us).
This last tip comes with an important consideration: if possible, do not use SMS as a two-step authentication method; it is much better to use applications like Google Authenticator or Microsoft Authenticator for that purpose.
Via | Insider