7.3 million Australians have been affected by the Facebook data breach
On Saturday, the personal information of 7.3 million Aussie Facebook users was leaked in a major data breach that included phone numbers, account IDs, full names, and physical locations of over 533 million Facebook users.
The leak was first spotted in January by Alon Gal, Co-Founder of the Israeli cybercrime intelligence firm Hudson Rock, who discovered an automated Telegram bot was selling sensitive data in online forums.
Personal information was originally sold for $20 by bot accounts, reaching $5,000 for bulk buyers. Since the start of the weekend, this information has been made publicly available and free. Now, any person with basic internet skills and access to Google can retrieve personal information about anyone.
For Australians across the country, the knowledge that up to 63% of all Facebook accounts have been included in this breach should be worrisome. To begin with, having this information out in the open leaves people vulnerable to exploitation.
On Twitter, Mr Gal shared some of the dangers of this data leak: “Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.”
If a hacker were to gain access to an email address, for example, they might be able to log into private accounts by using password pairing. For Aussies with simple passwords (e.g., “password123”), it might be time to make things a little more complicated.
Furthermore, a hacker may use ‘smishing’ (SMS phishing), in which a text message poses as a reputable company to encourage people to share private passwords and credit card numbers. These bad actors may also spread malware and unsafe links via text messages.
Although the data has been public since the weekend, Facebook has sought to play down the leak, claiming to have patched the problem in 2019. In a recent statement, Facebook called the data “very old”, although most people do not change their phone number or email address that often.
Facebook's failure to notify over 533 million people that their data has been leaked exposes them to new harm: it is important that users are aware of the breach so they can protect themselves from scams or fraud.
As good practice, be wary of unsolicited text messages and unusual behaviour on your accounts.
If you would like to check whether you have been included in the recent data breach, the tool at haveibeenzucked.com lets you enter your phone number. For Aussie numbers, enter the international country code (+61) before the phone number.