Bad news for people who use Facebook today, as a hack it has since patched up has seen account info leaked worldwide.
There’s some startling news to start the week, as a Facebook hack detailing account information has been unleashed, and it’s a big one.
In a tweet by the Co-founder of security company Hudson Rock, a treasure trove of Facebook account details can be found for sale on the dark web, detailing the information linked to 533 million Facebook accounts. While your Facebook password doesn’t appear to be included, it does likely mean that anything linked to a Facebook account may be available in a public domain, and potentially anyone else who pays for it.
https://twitter.com/underthebreach/status/1378314424239460352
According to the tweets, the 533 million accounts include just over 7 million in Australia, with details attached such as name, relationship status, email address, and phone number.
The unauthorised access reportedly comes from a now patched hack to Facebook that allowed bots from another service, Telegram, to query Facebook’s database and essentially scrape data. That now appears to have resulted in a massive database scrape, with millions of accounts being leaked to a hacking forum for sale
In a related report, Business Insider reviewed some of the leaked data and verified some of the records, with a Facebook spokesperson noting in the report that the vulnerability that this hack exploited had been patched two years ago in 2019, suggesting the data in the scrape is close to two years old. While that might mean some details have changed, it also means much of what’s in there could be just as relevant now as it was two years ago.
We’ve reached out to Facebook to find out what this means for users in Australia and elsewhere, as the company has yet to provide a public statement, however we’ve not heard that passwords were attached, so it doesn’t likely mean your Facebook account is or has been broken.
The database leak does highlight some of the perils of data security on services, with hacks occurring often enough these days, though not typically with quite this much information. While email addresses are common in jacks and leaks, evident from how often we all need to replace our passwords, they’re typically not connected with phone numbers, job titles, and marital statuses.
However, this abundance of information does mean that details could be out there for scammers and cybercriminals to take advantage of with some serious repercussions. As such, it wouldn’t take much for a criminal to link marital status, email address, and phone number to create more targeted scams designed to be more convincing, and possibly use other linked information to make criminal threats.
Facebook scams are already common enough, and typically use phishing attempts to get you to pass over your real details, while fake friends are built to propagate other scams, but this sort of information could make both of those plays a little more specific.
With this in mind, we’re largely expecting scams to become more direct, and may mean you’ll need to keep your wits up in order to not get scammed.