Back in 2019, the personal information of 533 million Facebook users, including more than 7.3 million Australians – which might include you – was stolen by hackers. Now, cybersecurity experts are warning it’s easier for criminals to sort through the data and use it to steal your identity. That means it’s a good time to check whether you were among the more than half a billion people caught up in the hack. But since Facebook isn’t telling its users if they were victims, you’ll have to rely on a third-party website to figure it out yourself. Haveibeenpwned.com is a helpful website created by Australian cybersec expert Troy Hunt, a Microsoft regional director (an advisory role, he’s not employed by the company).
The site collates information from data breaches and can tell you if your details have been compromised. A quick test on this reporter’s email found it had been leaked in 10 different data breaches involving companies like Adobe, Canva, and Tumblr (your results will vary and hopefully be lower). According to Mr. Hunt, the Facebook data breach included more than 2.5 million unique email addresses and over half a billion phone numbers. He said the data “is everywhere already” but noted concerns that he was the one helping people figure out if they were breached and not Facebook.“The service that suffered the breach should provide the data circulating publicly to its rightful owner,” Mr. Hunt wrote.
“Facebook, of all companies, has the resources to do this.” Rather than informing users if they were caught up in the hack, Facebook insiders spent the weekend instead downplaying its significance. Cybercrime intelligence firm Hudson Rock’s chief technology officer Alon Gal said Facebook demonstrated “absolute negligence of your data”. Facebook policy communications director Andy Stone retweeted a post from his colleague Liz Bourgeois saying it was “old data” from flaws the company fixed in 2019. The “old data” still includes current particulars like your phone number, email address, date of birth, and relationship status. In the wrong hands, ihe sort of information tould go past merely annoying and become dangerous.
On Tuesday, Kaspersky security expert Dmitry Galov warned that the information used in phishing attacks “would not be surprising”. “Attackers send malicious emails that appear to come from a trusted sender, for example, from the email address of your Facebook friend,” Mr. Galov warned. “Attackers could also use the information to impersonate the person whose data was breached. To stay safe from scammers’ wxplexploitings data, take extra precautions when you receive emails that seem strange – even if they appear to come from someone you trust. Never click on any links or attachments inside emails and always check for strange grammar/spelling errors (a sign that the email is not from the person it claims to be),” Mr. Galov advised.
1 Comment