You may have heard recently that phone numbers and other information belonging to 533 million Facebook users were leaked on a hacker forum.
I wanted to provide a quick one-stop-shop for info on what happened and what you can do to further secure your Facebook account.
What happened and what data was involved?
In June of 2020 this data was put up for sale on a hacker forum. It is believed to have initially been gathered using a vulnerability in the ‘add friend’ feature that has since been patched.
The data was initially put up for sale for $30,000 USD last June, but is now posted for free, and that’s why it’s making the news now, almost a year later.
The data includes: mobile phone number, Facebook ID, name, gender, some emails, occupation, city, country, and marital status.
See an example below provided by bleepingcomputer.com:
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists.” By Mike Clark, Product Management Director (The Facts on News Reports About Facebook Data - About Facebook (fb.com))
It’s good to know this won’t happen again, but that doesn’t change the fact that this information is already in the wild.
Are you affected?
Find out if your account is included in this breach:
Go to Have I Been Pwned: Check if your email has been compromised in a data breach, and enter the mobile number you have set up with your Facebook account. It will search the leaked Facebook data and let you know if you're affected. While you are there, enter your email as well to see if there are any other breaches that you may be affected by.
OH NO I’m on the list! What now!?
This puts you at a higher risk of receiving spam or phishing emails, as well as phishing text messages or calls to your mobile number (smishing and vishing respectively).
Just be aware of this and be extra vigilant. Also, make sure you set up MFA on your Facebook account and, ideally, on any other account that offers it as an option.
How can I better secure my account?
Passwords weren't included in this leak, but nevertheless, the best bang for the buck when it comes to securing accounts is to set up MFA (Multi-Factor Authentication).
See my past blog post, Protecting Your Online Accounts; a section near the bottom explains specifically how to do just this.
Stay well until next time.
Stavros Tzagadouris - Level 1 Information Security Officer - Trent University