If you are a Facebook user, be careful: your mobile and your email address could have been leaked online. Has happened with 533 million users whose personal data has been stolen and leaked for free on the internet.
The danger is enormous, since anyone can obtain this data and use it for example to impersonate those users. The theft affects users in 106 countries and among the leaked information are Facebook identifiers, their mobile numbers, addresses, biographies and in some cases the email address.
Almost 11 million Spanish users affected by the theft
On Facebook they affirm that the vulnerability that caused that massive data theft was already corrected in August 2019 and he was talking about “old data”, but still the amount of leaked data is enormous and its validity remains a real threat to all those affected.
Details include:
Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.
Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Troy Hunt, a cybersecurity expert and known for managing the Have I Been Pwned site, noted that found 2.5 million email addresses in that data theft: although it is a small percentage compared to the magnitude of the data theft, there are still many email addresses.
That information, like him Explain, can be used for phishing attacks where having the victim’s email and phone number is enough for cybercriminals.
What explained Alon Gal, Head of Cybersecurity Company Hudson Rock, almost 11 million users in Spain (10,894,206 specifically) are part of this leak, while the most affected countries are Egypt (44.8 million), Tunisia (39.5 million), Italy (35.6 million) and the United States (32.3 millions).
The proportion of emails that appear in the case of Facebook users in Spain is similarly small: as Xataka has learned, of those almost 11 million records, about 75,500 have an associated email address.
The discovery has been causing scares for a few months: in January a Telegram bot appeared It allowed that by entering a Facebook ID, the phone number associated with that ID would be returned to us if there was a correspondence.
Where did they get this data and how?
The data already surfaced in June 2020: a member of a hacking forum put that data up for sale, but unlike that post, these days the data was available for free and anyone could easily consult them because it is in plain text.
An example of the filtered data.
These data appear to come from a robbery that occurred in April 2019 and what researchers at the security firm UpGuard discovered. The data was available on a public server that took months to be patched.
The 146 GB file It contained nearly 540 million records and was one of the largest in a troubling history of data theft on Facebook.
Just the previous month it had been discovered how Facebook stored passwords for hundreds of millions of accounts in plain text, and although only company employees had access to that file, his discovery was haunting.
Changing passwords and enabling two-step authentication can prevent many future scares
Hunt has already included those email addresses in its database, which means that it doesn’t hurt to go through their website, put our email address in the search engine and so on. know if that address is part of the data theft.
It is important to note that the fact that your email is not included in this massive data theft it does not mean that many other data associated with your Facebook ID are not part of this leak: As we said, there are many accounts in which a lot of information has been leaked but not an associated email.
Indeed Troy Hunt asked to their followers if they would like to be able to carry out that search for those affected not only by email, but by mobile number. Two out of three believed that this type of data should also be offered to carry out searches, although for the rest offering this search by mobile phone number was risky.
If so, the recommendation is to change the password of Facebook and even that of the email account —A good password manager helps to simplify and guarantee that process — and add two-step authentication to those accounts (and other important services to us).
In this last tip there is an important consideration: if possible, do not use SMS as a two-step authentication method; it is much better to use applications like Google Authenticator or Microsoft Authenticator for that purpose.
Via | Insider