An unexpected Easter gift appeared on the hacker discussion forum on Saturday – phone numbers and personal data of more than half a billion Facebook users. What does this mean for you? How to find out if the database also contains your sensitive data? And most importantly, what can you do about it?
The simplest is the answer to the third question: nothing. The data was stolen from Facebook sometime before 2019, when the company only managed to plug a software hole, thanks to which someone could fish it with a digital pail with a capacity exceeding 500 million souls.
And when something wanders the Internet for over two years, you never get it under control again. After all, it’s almost impossible to get back control over anything that wanders around the Internet for more than two seconds (politicians whose hastily deleted tweets leaked to the media could tell).
The answer to the second question – how to find out if the leak also affects your sensitive data and you are among the approximately 1.4 million domestic users that Facebook was unable to protect – is more promising.
If you do not want to download the entire database of a mastodont size of twenty gigabytes from the hacker forum, it is best to use the famous page with a concise name Have I Been Pwned? – that is, in the slang of online game players “Did they get me?”.
It is a renowned website that tracks all published “leaks” of passwords, e-mails and telephone numbers. For example, if you enter your e-mail in the form, the website will spit out all the cases where a hacker has already made a meatball out of it, including data leakage from Facebook.
If you use the same mail for a long time, you may be surprised at how popular it is in the dark forests of the Internet. However, as the media head of the Trou Hunt website pointed out, the leaked database from Facebook is only 0.5 percent e-mail addresses.
Most of the database consists of telephone numbers, so the Have I Been Pwned offer has been promptly expanded to include searches. And thus we are back to the first question from the introduction: what specific threat does this particular data leak pose?
In the hands of hackers, personal data is a double-edged sword. They can be abused both against their former owners and against unsuspecting third parties. In the first case, in the form of scams, where they will collect additional data from users based on those they already have from them.
In the second, they can use the data to impersonate someone else’s identity for fraud on someone else.
What is the main lesson of the whole incident? Let the massive leak be another of the many reminders that personal data is safe in the bowels of Facebook, like a lollipop factory with an open roof in a landscape where wasps have multiplied.
Facebook and user privacy are not and have never been compatible terms. The current question is what Zuckerberg’s software behemot does. Many countries, including the United Kingdom, Ireland, Turkey and some US states, have already launched investigations into the current leak.