Facebook users, be warned: a hacker might be giving away your personal information to other people virtually for free.
To learn if your personal data was compromised, Business Insider’s Aaron Holmes suggested in an article to check whether your information was exposed using free online tools such as HaveIbeenPwned.com. The website, run by security analyst Troy Hunt, lets anyone enter their email address and cross-references it with more than 10 billion accounts compromised in past data breaches to determine whether they are “pwned” or compromised.
Since January 2021, a database that contains Facebook-linked telephone numbers of 533 million users along with an automated bot that will provide phone numbers of any Facebook user in exchange for a price was making the rounds between various hacker circles according to a report by Joseph Cox of Motherboard, Vice’s tech publication.
Recently, however, Reuter’s Raphael Satter reported that a leaker from a well-known forum for low-level hackers published a post that contains data from the same database for free. Alon Gal, CTO of Israeli cybercrime intelligence firm Hudson Rock, first discovered the leak on 3 April 2021 when another user in the same hacking forum advertised the same automated bot Motherboard reported on the forum.
The hacker who posted the information of millions of Facebook users for free gave a list that contains the compromised users’ personal information such as phone numbers, Facebook IDs, full names, location birthdates, and even email addresses in some cases according to a separate report by Aaron Holmes. Alon Gal had independently verified the leaker’s information by comparing the list against phone numbers of people he knew according to Satter.
There were also cases in the past when passwords were also exposed in data breaches. HaveIbeenPwned.com also provides a password search that will inform people if their passwords have also been compromised by hackers.
An ounce of prevention, or in this case, protection, is better than a pound of cure regardless if your personal information was compromised. Holmes advised people to change their email’s password and set up multi-factor authentication to secure their account if their email address was exposed. If your password was exposed, you’ll have to change your account’s password along with the accounts that use the same password.
If more sensitive information was illegally acquired and exposed, such as your social security number or drivers’ license number, you’ll have to file a report to the appropriate government agency.
Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky advised people to immediately contact their internet service provider (ISP) as soon as they discover unauthorised access to their accounts. Doing so will not let them be held accountable for anything that happens as a consequence of the unauthorised access. Additionally, in Facebook’s case where old personal data has resurfaced online, Yeo Siang Tiong recommended that one should “hedge against the long-term consequences of identity theft” by monitoring their financial activity due to it being “a perennial area of interest” for many cybercriminals.
Facebook has yet to disclose its response to the data breaches to the public as of this article’s publication.
Written by John Paul Joaquin