Scammers were pleased to find the treasure trove of Facebook IDs, real names, and even phone numbers in the leak. This is far larger than their disappointingly small leak of 30 million users’ data in 2018, but still is only a little over half of the 419 million users leaked this year. It’s been a good year for scammers, as Facebook caters to their most valuable hackers.
If you’re one of Facebook’s legitimate users, there’s nothing to worry about! This is all data you already gave to Facebook for tracking your every move, interest, and relationship for better ad tracking. Do you really mind if a few criminals have it too?
Oh, you do?
Huh.
Then maybe this is a big deal.
What Leaked Where?
If you’re worried about those poor hackers on the dark web, unable to access your account to send you spam, don’t, it’s online for them to see. Researchers were able to find an open trove on a hacker forum, unprotected in any way. Really, anyone could scrape it.
The entire leak contains Facebook user IDs, which can link to your actual Facebook account. These are often parts of your email password, though sometimes are random numbers. Still, with that ID, they can find you on Facebook. That could give them more information, especially if you accept a friend request from a fake account they’ll have set up. They’ll also have your phone number, so they can call you looking for information. Since they’ll have your Facebook account, and could even be friends with you, they’ll be able to figure out contact information and relevant names.
If they want to target you for more information, like banking information, social security numbers, or anything else, it’ll be incredibly easy.
How Will Hackers Use My Data?
Most of this information is useful to phishers. They’ll use the information to trick you into believing a communication is from an official source. An email could come in, seemingly from a bank, asking you to confirm your information. It’ll include your full name and phone number, making you more likely to trust it. You log in to a website that looks like your bank’s, and you’ve just given some hackers all of your personal information.
This information didn’t include passwords, or direct access to your account, so really, all you have to do to protect yourself is be wary of fishing attacks. That includes spearphishing attacks, which may include some highly personal data pulled in from other leaks. It will seem credible by mentioning other accounts or holdings. They may even try to convince you that you’ve already been hacked, and that you owe them a ransom.
Never give anything to anyone online unless you went there first. If you bank asks you to log in, close the email window and log in through the website. Same goes for your work accounts and any personal data. Only log in to sites you navigated to yourself.
Russia was able to hack the DNC and RNC email servers with little more than these simple techniques. A child with a computer could pull off a hack like that. With Facebook and other companies like Capital One handling your private information without care, phishing attacks are only going to become more common. Be careful, and perhaps consider avoiding companies like Facebook that don’t handle your data securely.
Source: Muhammad Jarir Kanji, Android Central