Facebook is involved in a new security problem: the data of 530 million accounts has been leaked, of which 11 million correspond to users in Spain. This sensitive information is available free of charge and within everyone’s reach, which can cause a huge wave of scams.
A user has offered, in a well-known forum frequented by cybercriminals, a file with the data of the leaked Facebook accounts. The information contains phone numbers, full names, the social network's identifier number, locations, dates of birth, relationships, places of work and email addresses of those affected.
Mark Zuckerberg’s social network has always been in the eye of the hurricane over security, but this latest development can cause even more upset, considering that this is very valuable information that is dangerous if it ends up in the wrong hands. The problem is that the leaked data is available to anyone, and in the hands of hackers it is very useful for social engineering attacks.
“The telephone numbers are the most important data that have come to light, although there are cases in which there are more details. The problem is that this information can be used against the user to make a scam more credible. Anyone can download the file and use the database to their liking,” says Eusebio Nieva, Check Point’s technical director for Spain and Portugal, to OMICRONO.
It should be mentioned that this attack on Facebook is not new: the social network itself has stated that it is old data that was reported in 2019 and that the underlying vulnerability was fixed in August of that year. Although it is possible to check whether an account has been affected or whether the phone number has been leaked, this situation is a serious problem, since a database of that size can be used by cybercriminals to carry out scams.
“If someone finds a quick and easy way to exploit that data, in theory there could be a campaign of attacks. But it can also happen that nothing happens. However, that anyone can have this data is not going to be beneficial for users because they may be exposed to scams,” explains Nieva.
Social engineering is an attack based on tricking a user in order to obtain their tax data and other information to commit fraud and scams. It is a technique that has several branches and is really dangerous, since victims do not usually realize that they have been manipulated until it is too late.
“Apart from the direct problems derived from the leakage of personal data, the greatest risks for those affected are targeted phishing campaigns, either by email, by SMS or by phone calls,” explains Daniel Palomar, cybersecurity engineer, to OMICRONO.
There are currently several kinds of social engineering attack, and some of them can take advantage of this massive leak. For instance, phishing is one of the most used techniques, with which attackers seek to “fish” for victims. Cybercriminals generally use emails with attachments that lead to fraudulent pages, with the intention of taking control of victims’ devices to steal confidential information.
Smishing is another technique that criminals could use: it is a variant of phishing that is spread by SMS. In this way, criminals ask the user to call a premium-rate number or to follow a link to a fake website in order to carry out their scam.
Another technique that cybercriminals could use with all the information in Facebook accounts is vishing, which consists of phone calls in which “the attacker impersonates a trusted organization or person in order to make the victim easily take the bait and reveal private information,” indicates Eusebio Nieva.
“A common attack would also be to request the verification code sent by SMS that is used to recover passwords or accounts. For example, many thefts of WhatsApp accounts occur like this, when said code is shared with an attacker thinking that it is directed at the application itself. A technique with which you can also steal accounts from any other platform that requires a verification code,” explains Daniel Palomar.
How to protect yourself
One of the biggest problems with this leak is that these attacks will now be more difficult to recognize. “Some of the tricks people have for knowing whether it is a scam or not no longer work with this leak. For example, if the communication is not directed to the user specifically, it is a sign of phishing. But now the criminals already know the name and phone number, so they can be more specific with the data they give and make the attack more credible,” says Eusebio Nieva.
To protect against these types of social engineering attacks, in addition to changing the password, “it is recommended that you never reply to SMS with the requested temporary code. In addition, you also have to avoid accessing unknown links that arrive by email, SMS or social networks. Logically, you should not click on those links that request personal data,” explains Daniel Palomar.
However, “the problem is that if you continue with the same phone number and it has been leaked, the attacks are there. Therefore, nothing can be done. In that case, it is important to be suspicious of what is received and perform a second check. The user has to maintain a healthy distrust of who calls him and why. Not believing what they are being told and always checking if it is true,” concludes Nieva.
Often, using common sense is what can save a user from many of the security problems that affect their data and information online, according to the two cybersecurity experts. It is also important to take certain security measures on a Facebook account, whether or not it has been affected by the leak, such as activating two-step verification.