This is one of the biggest data breaches in recent years. Personal information associated with nearly 533 million Facebook profiles has been circulating freely on the Internet since the beginning of April. The data, which stems from a security breach dating from 2019, had been on sale on the private messaging service Telegram since the beginning of the year before being published on a specialized forum in recent days.
This gigantic database contains the information of nearly 20 million French people, the vast majority of the nearly 27.5 million French users of the social network in 2019. It consists mainly of phone numbers associated with Facebook profiles. It sometimes also includes email addresses and details entered by users on Facebook, such as gender, city, marital status or profession. If you were on Facebook before the end of 2019, there is a good chance that your number appears in this giant directory.
There is a quick and easy way to check whether your information has been compromised by this incident. The site Have I Been Pwned compiles databases exposed in cyberattacks in recent years. It has been updated with the Facebook leak database. A search engine allows you to type in your phone number (preceded by the international code +33 for France) or your email address to find out whether it is contained in the file.
Ask yourself what the leaked data can be used for
What if your phone number is in the database? The first thing to bear in mind is that the information in the file is lost forever. It is already actively circulating on the Internet.
The important thing is to assess what can be done with this information. A number can be used for telephone canvassing, which is not very problematic in itself. But it can also be used to complete a user profile that already contains an address, an email, a date of birth or even an identity document that leaked previously, which is much more worrying.
In addition, the loss of a telephone number obviously does not matter as much to the average person as it does to a public figure, celebrity or business executive, who will be forced to change their number quickly so as not to be bothered by unwanted solicitations and targeted attacks. According to the first analyses of the file, the database contains, for example, the numbers of Mark Zuckerberg and four members of the French government.
Watch out for phishing attempts
As we explained in a previous article on the subject, the information in this leak is of interest to hackers because it is likely to still be relevant and to remain so for some time. People rarely change their email address or phone number.
This data will probably be cross-referenced with other information to refine profiles and mount more or less targeted scams or fraudulent activities. As they are linked to Facebook identifiers (often a surname and a first name), the telephone numbers may be supplemented with information about the interests of the users concerned and any other data left freely accessible on their account. Cybercriminals can integrate these elements into their fraudulent messages to appear more credible, or even use them to impersonate the victim.
The main threat posed by this data leak is phishing attempts, by email or by SMS. It is therefore important to remain vigilant about the messages you receive on your phone and your computer, to scrupulously verify the identity of the sender, not to click on the links contained in the messages and to use official channels to respond to requests. An upsurge in “ping calls”, in which premium-rate numbers cause a phone to ring briefly in order to be called back, is also possible. If in doubt, do not hesitate to seek advice from a loved one.
And for the risk of a SIM card scam
To a lesser extent, the loss of the phone number also exposes Internet users to the SIM card scam, which consists of contacting a telephone operator while pretending to be the owner of the line and requesting that a new SIM card be sent. The latter can then be used to access the victim’s services that use two-factor authentication as additional security on top of the password.
In France, operators are supposed to require an identity document before providing a SIM card in a store. They must also carry out verifications when a request is made by telephone. After it is sent, a SIM card must also generally be activated from the user’s personal space on the operator’s site, which is protected by a password. This type of scam can therefore only be carried out if several elements relating to the identity of the individual (identity document, proof of address, tax form, etc.) are already in the hands of the hacker.
If you feel that the presence of your phone number in this database could be harmful to you, do not hesitate to change your number. Some operators agree to do this without changing your plan. Otherwise, the easiest way is to subscribe to a new offer. And in any case, remember to regularly renew the passwords of your accounts on the various online services. You can never be too careful.