Phone numbers of over 500 million Facebook users leaked online for free
Information stolen by cyber crooks from Facebook in a 2019 data breach, including mobile phone numbers, is now being offered for free on a hacking forum, increasing the chances that a variety of crooks will be using that information to try and scam Facebook users.
Last week, security researchers found a large haul of data containing personal information on Facebook users being offered for free on a hacking forum. The information included private mobile phone numbers that had been paired with the respective public information scraped from Facebook accounts including name, email address, date of birth and gender.
Investigations by security researchers and Facebook thus far indicate this information was stolen back in 2019 through a reported vulnerability that Facebook now claims to have fixed a few months after it was discovered.
The data went on sale in June 2020 with a hefty price tag, but now the information is being offered for free on a hacking forum website, making the data widely available to all sorts of cyber crooks.
The approximate timeline of the relevant events is as follows:
– 2019: Crooks use a vulnerability in the Facebook “add friend” feature to steal the private mobile numbers of over 500 million users.
– August 2019: Facebook reports having disclosed and subsequently fixed the vulnerability.
– June 2020: The stolen phone numbers are, somehow, paired with corresponding user data (possibly public data on Facebook scraped by automated software) including full names, date of birth, email address and gender. All of this information then goes on sale on a hacking forum.
– April 2021: The information is now offered for free on the same hacking forum, making it available to many more cyber crooks looking to exploit the data for financial gain.
The stolen data include information on over 11 million UK users and 32 million US users.
The good news is that you can use the website HaveIBeenPwned to check whether your email or phone number was leaked in this breach (or other breaches). Just enter your number or email address and you can see if it appears in any leaked data dumps available online that have been passed between cyber crooks.
The leaked data can be used to initiate phishing attacks
Having this amount of information about users available to any cyber crook with an Internet connection is never a good thing. That’s because crooks can use it to launch a number of phishing scams. So you should be especially wary of suspicious emails, text messages and phone calls. There is no better time than right now to educate yourself about common phishing scams.
The more information a crook has about you, the more convincing they can make their phishing scams. And since this treasure trove of information that’s just been made available to any-and-all cyber crooks is focused around stolen mobile phone numbers, it’s inevitable that we will see a rise in scam phone calls and phishing text messages (smishing).
For phone call scams, we’re likely to see a rise in old favorites including technical support scams, “we’ve charged your account” scams and threatening “you haven’t paid enough tax” scams. We will also likely see a rise in any number of SMS phishing scams asking you to click links leading to spoof websites that are designed to trick you into entering your personal information.
These are all popular scams but are even more dangerous when the scammer has a victim’s personal information at hand to make the scam even more convincing. We are, after all, more inclined to believe someone when they seem to know lots of information about us already.
Remember, don’t click on links in emails or text messages, and don’t feel pressured into handing over personal information about yourself to someone over the phone. And never feel pressured into handing over money to someone who called you unexpectedly, no matter how convincing their story. If you’re unsure, always seek help first.