In the Digital Age, what we need most is security. But unfortunately, it turns out, we’re not at the mercy of anonymity. Our personal data is out there, falling into the hands of those we’ve never even heard of, those we’ll never even utter. A recent CBS News post proves word for word what we said here.
According to the CBS News publication, the personal details of more than 500 million Facebook users – including full names and phone numbers – were released on a web forum earlier this week. In addition to these personal details, private data that was not listed on the social network were also shared, including ID numbers, location information, workplaces, gender information and other details.
As shown by the information that was made available in the report produced by CBS News, the leaked data were available in a public forum used by hackers. The presence of the data was discovered by Alon Gal, a member of Hudson Rock Security. Gal made the information public after posting the incident on Twitter.
In addition to noting the presence of the data on the forum, Gal also noted that one of the hackers using the channel created a Telegram bot, which, for a small fee, allows interested parties to search for certain information using just phone numbers. The database that was hacked contains almost 533 million personal information of users from all countries. Of this total, 32.3 million pieces of information are from people in the US and 11.5 million in the UK.
“This is old data, it was leaked in 2019,” a Facebook spokesperson said in an interview with CBS News. “We found and corrected in the same year.”
For Larry Dignan of ZDNet, this argument does not hold up. “Phone numbers, Facebook IDs, full names and birth dates are unique data, meaning they never change. This data has no validity, does not expire and, therefore, is valuable for cybercrime, regardless of the date it was leaked”.
According to the CBS News report, social media data breaches like this one have lasting implications. In both 2012 and 2016, Russian cybercriminals hacked into LinkedIn, the social network aimed at professionals. Over 100 million personal records have been collected and subsequently sold. Although LinkedIn has strengthened security, personal data is still stolen by criminals and hackers.
How to find out if your data was leaked
Finding out if your data has been leaked is not that simple, after all, there are few legitimate methods to exploit such a breach. Although the complete data package is publicly available for download on Facebook – there are 106 files in all – and accessing it is considered a violation, as it violates the Computer Fraud and Abuse Law.
Verifying, via the Telegram bot, that it was created to sell individual records is also not feasible, as using it to search your own records may be illegal. The best way here would be to monitor your email seeking scams phishing or sign up for a credit monitoring service.
There is, in the meantime, another option: register and search your personal information on one of the websites maintained by the National Conference of State Legislatures. The agency tracks data breaches through a number of portals.
To mitigate future intrusions, the best option is to change passwords frequently and enable email authentication. Password wallets, such as LastPass and 1Password, can help you securely manage unique passwords and will also notify you if a password is weak, reused, or compromised.