It recently emerged that the personal data of more than 553 million Facebook users was leaked, including full names, emails, bio details and, in some cases, even phone numbers. The leak affected people from more than 106 countries, including 2 million from Argentina, 13 million from Mexico, 10 million from Spain, 32 million from the United States, 11 million from the United Kingdom and 6 million from India.
Alon Gal, chief technology officer for cybercrime intelligence firm Hudson Rock, discovered that the leaked data was recently posted on a forum accessible to many cybercriminals. He warned that this information could be used to carry out social engineering attacks and other types of hoaxes.
The disseminated data reportedly comes from a security breach that Facebook reported and fixed in August 2019, as the social network explained to Infobae. Although the vulnerability was corrected, the data leaked at that time took on a greater dimension once it was published, for free, on a forum.
There are different tools for finding out whether your data was exposed as a result of that incident. One of the best-known options is the site Have I Been Pwned?, created by Troy Hunt a few years ago. On this site you can find out not only whether your information was disclosed in the Facebook leak, but also whether it was exposed by any of the many other security breaches that occur in applications and sites of all kinds.
The site Firefox Monitor, which is also updated with the multiple leaks that are released daily, allows you to verify this information as well. In both portals, it is enough to enter the email address (in the case of Have I Been Pwned, the phone number can also be used) for the system to indicate whether the data linked to that account was compromised in any way. The result indicates which security breach affected the profile and what information was exposed.
Other tools emerged after the Facebook security breach was disseminated but, according to the security researchers consulted, the veracity of the information they return cannot be confirmed at the moment.
In relation to this, Camilo Gutiérrez Amaya, Head of the ESET Laboratory, spoke of a page that refers to a CSV file that supposedly allows consulting the data affected by the leak. “We do not have information about the origin of the information, so we cannot guarantee the reliability of the information. Although there are more than 2.3 million records, the last lines of the file are at least ‘not serious’ and we have no information about where the data comes from”.
He also referred to another page that is circulating widely on social networks and supposedly has 66 million records (that is, it does not represent all the information in the leak). The site asks for the ID, the URL of the Facebook profile or the phone number to indicate whether the person was compromised. “In summary, it can be used since it does not try to steal user information, but we could not guarantee the veracity of the information it returns,” he stresses.
In this sense, it is best to use systems such as those mentioned above (Have I Been Pwned or Firefox Monitor), which have been in use for a long time and are endorsed by the computer community. Beyond that, and regardless of whether your data was exposed, the following security precautions should always be taken:
1. Do not use the same password for all the profiles or accounts that you have
2. Enable the second factor of authentication
3. Avoid downloading apps outside of authorized digital stores
4. Do not download files or open links that arrive by mail or messages
5. Keep the operating system updated and use a security solution
6. Stay informed about cybersecurity incidents that occur and how to protect yourself
In addition to all this, and taking into account that a database with a significant volume of personal data is circulating, we must be wary of any phone call that seeks further personal information, requests bank or other access codes, or is intended as some type of extortion.