To mark the start of April, Facebook saw details from over 500 million accounts, dating from 2019, leaked. And now that your data is potentially out there, what can you expect?
Not everyone has a Facebook account, but over 500 million people do, and many people with Facebook accounts might have had the shock of their life last week when they found their details could have been leaked.
It’s hard to confirm whether you’re affected, but with over seven million Australians affected by a recent leak of the Facebook database, and around 533 million affected worldwide, it’s probably safe to assume that if you held a Facebook account in 2019, your details might be out there. In fact, if you held one beforehand and cancelled it, those details might be included, too.
The story is a big deal, though one Facebook took a little extra time to comment on, noting that the leak didn’t come from a hack as such, but more of a scrape of Facebook’s database back in 2019. It means that close to two years ago, someone took advantage of a part of Facebook the company has now patched, and managed to scrape details from many accounts across the platform, and there were a lot.
Fortunately, the details don’t appear to be things like your password, so the good news is you might not need to reset that.
However, it did include things which typically don’t change, such as your name, email, and phone number, as well as some things you might have connected to your account that may change, such as your job and relationship status. And that’s potentially not good news, because while the information is two years old, it’s still information that may be relevant, and may be used by people you didn’t want seeing it.
We’re not talking exes, but rather people who can turn this sort of data into a lucrative goldmine of criminal activity, especially since the leaked data is making money on the dark web.
“Cyber criminals conduct cyberattacks for a number of reasons. However on top of the primary motive of financial gain, we are seeing attacks evolved to disrupt the digital reputation economy,” said Noushin Shabab, Senior Security Researcher at Kaspersky in Australia.
“One of the intents here is to steal data to then sell on the dark web,” she said.
Someone out there is profiting from your data
You probably won’t find it, but it’s out there, with portions of the scraped data costing money. Someone out there is profiting from your information, even if it’s a little out of date.
That’s bad because of what the data represents.
Sure, it’s not the entire contents of your life, but it’s a part of it, and it can now be used for targeted scams.
Let’s say a lot of people in the list are single and live in the same suburb. A quick lookup on the database could reveal all the emails and phone numbers sharing that one specific thing, and scams could be targeted specifically at that group. And that’s just the start. While details may change over the years, if you’re a part of the database leak, there’s now a possibility that a scammer can tailor a scam to you and others like you, with more chance of it being successful.
Typically, scams are blind sends. A thousand people could get a fake JB HiFi SMS alert at once, and if the scammer is lucky, one percent will unfortunately fall for it and click. But with more accurate data, a scammer can make their message a little clearer, and that’s bad news.
“Given the variety of information accessed, we believe cybercriminals will use this data in many ways in the future, including for targeted phishing attempts and social engineering scams, as well as the creation of fake accounts and profiles to conduct fraudulent activity,” said Tim Falinski, Managing Director of Consumer for Trend Micro in the Asia Pacific region.
Are scams about to get worse?
If you’re having trouble reading between the lines, here’s the crux: following the Facebook leak, you can largely expect email scams, SMS scams, and phishing attempts to get worse.
While there’s no public information about who out there has purchased the database, the Facebook scrape may as well be a treasure trove for criminals looking for ways to make their scams more compelling, and more targeted. Ultimately, their aim is to fleece people more successfully, so the small number of people who fall for a scam becomes bigger, and they make money.
Naturally, it means that staying aware of the sort of scams that are out there is still vitally important, and more than ever, you should think before you click.
“To reduce the risk of personal information being exploited further through follow-on scams, it’s crucial for Australians to familiarise themselves with how to spot phishing attempts and what to do if they receive one,” said Falinski, who advised avoiding clicking links sent via email or SMS, particularly if they’re suggesting a sense of urgency or threat that results in payment, or if someone seems too good to be true.
It’s also potentially a problem for friends and family, with Kaspersky telling Pickr that if accounts get compromised — which is something that can happen through these attempts — the waters can get murky for people connected to those accounts, such as people you know.
“If your account is compromised, hackers may start sending requests in your name. For example, they can tell your contacts that you are in an emergency and desperately need cash,” said Chris Connell, Managing Director for Kaspersky in Asia Pacific.
Where do we go from here?
Unfortunately, the Facebook scrape isn’t something you can necessarily do anything about, because the information is out there. Facebook says it has patched the flaw which allowed this to happen in the first place, but the information is out in the open and for sale on the underside of the web, so there’s not much anyone can do.
The good news is this hasn’t affected passwords, at least as far as we know. But if you’re concerned that it might have, you can always change your passwords to make sure for certain that your account is less at risk.
On top of that, it’s important to stay mindful of the emails and messages that come into your life. Don’t click on links randomly unless you trust the sender, and if you need to question the message, consider looking at the email address in more depth, or calling the company using a phone number found through a Google search to find out whether the message is legit.
The future of scams is murky, for sure, but they’re not going to let up any time soon, and that means you can’t, either. Stay aware of what’s coming in, and think before you click.