In another major privacy breach at Facebook, the leaked data of 533 Million users across 100 countries has been leaked online. This database was first leaked in 2019 and was sold on Telegram. Facebook had then said that it had patched the vulnerability but in June 2020, the same data was leaked again.
The leaked data includes gender, names, occupation, bio, relationship status, date of joining and in some cases phone numbers and e-mail addresses. Know more about the breach and what you can do if your account is compromised:
Sam Curry, Chief Security Officer, Cybereason
When 25% of any company’s users are potentially exposed to computer fraud and identity theft there is reason for privacy concerns. But when it becomes half a billion people in more than 100 countries and the company is Facebook, the largest social media platform in the world, users have every right to be concerned.
This new breach involves old data from a 2019 incident that Facebook reportedly resolved, but it would be foolish to believe that previously exposed data would disappear from dark web forums, where it has been for sale for over two years.
This is not the time for Facebook to play the victim and they only have two options, hero or villain. Many see Facebook as an industry villain and their minds will not be changed, but this is another time for Facebook to face its challenges head on, update users on their privacy policies and continue doing everything possible to protect their data.
In the big picture this is just another day and another breach and once again privacy is the victim. Whether it is one Billion or one Trillion users, this is another blow to our collective privacy.
Consumers should be working under the assumption that their private information has been stolen by hackers ten times over. Consumers should be regularly checking their credit for abuse and constantly checking their credit cards for unusual and unauthorised activity. As an industry, until we can start making cybercrime unprofitable for adversaries, they will continue to hold the cards that will yield potentially massive pay-outs.
Ammar Enaya, Regional Director – METNA, Vectra AI
This most recent Facebook breach adds to the history of Facebook breaches and privacy violations ranging from developers improperly accessing data to the Facebook app secretly accessing users’ cameras while they read their news feed.
In fact, most Facebook users are not aware of an authentication mechanism that will allow users to sign into third-party websites and apps using their Apple ID. This is similar to the near-ubiquitous Log in with Facebook function, Google has something similar, that lets people avoid creating new credentials for every website by using social-media logins. This Log in with Facebook can be convenient, but it also can come at the cost of your privacy, your personal information sometimes get shared behind the scenes and these logins can be used to track you.
If your Facebook account has been compromised, click here.
In addition, consider following these best practices to protect yourself against financial scams:
- Robocalls from Credit Card Services are all scams
- Never volunteer personal information or account data to a phone agent who calls you out of the blue
- A legitimate bank contacting you will always welcome your callback to confirm they are real
- With a little practice, fake phishing emails from banks or credit agencies are not so hard to spot. Look for bad grammar and typos, or hyperlinks that reveal weird, unknown URLs on mouseover, never click through without mousing over first.
- Change your passwords regularly and don’t use the same password for multiple financial accounts
- Read your monthly credit card statements and flag purchases you do not recognize. Most banks make it easy nowadays to dispute a sketchy charge to your card
- Watch your credit report for unfamiliar accounts or inquiry reports
Jacinta Tobin, Vice President of Cloudmark Operations, Proofpoint
The online leak of personal information will undoubtedly result in a marked increase in smishing attacks. It is a trend we have seen continue to grow, especially during the pandemic, with smishing messages already increasing by 300% each quarter over the past twelve months. And while the attackers are primarily targeting consumers, we have noticed a concerning rise in attacks on organisations as well, with over 81% reporting an attack in 2020.
These text message mobile scams often use fraudulent branding combined with urgency and a request that a user click a malicious link. Consumers trust mobile messaging and they are much more likely to read and access links contained in text than those in email. This level of trust paired with the reach of mobile devices makes the mobile channel ripe for fraud and identity theft.
To combat these attacks, we recommend that users first ensure they are on the Do Not Call Registry and re-confirm their entry even if they believe that they previously signed up, as the registry also applies to text messages. In addition, we encourage mobile users to use the spam reporting feature in their messaging client if it has one.
Consumers need to be very sceptical of mobile messages that come from unknown sources. And it is important to never click on links in text messages, no matter how realistic they look. If you want to contact the purported vendor sending you a link, do so directly through their website and always manually enter the web address or URL. For offer codes, type them directly into the site as well. It is also vital that you do not respond to strange texts or texts from unknown sources. Doing so will often confirm you are a real person to future scammers.