267 million Facebook users are being hacked

A newly discovered breach in Facebook security exposed at least 267,140,436 users. To make matters worse, the hack, which was discovered via a partnership between Comparitech and security researcher Bob Diachenko, appears to be associated with a criminal organization. The hackers involved appear to have originated from Vietnam. Most of those affected are in the United States.





The exposed records contained sensitive information, including each user's unique Facebook ID, phone number, and full name. Each entry also included a timestamp, which indicates that the information captured is correct.


Where was the data discovered and what are the risks?


The assumption that a criminal organization was involved in the attack stems from how it was discovered. Bad actors posted the data to a hacker forum on December 12th, where it was presented as a downloadable database. It was indexed for the first time on December 4th.


After Mr. Diachenko discovered the database and the server, which featured a landing page with a login and a welcome note, a report of the abuse was sent to the ISP responsible for the server's IP address. The researcher reported the problem on December 14th. The ISP made the database unavailable as of December 19th. The exposure only lasted for two weeks.


It is not immediately clear how the attackers came to possess the data in question. There are several possibilities, including scraping from publicly accessible Facebook pages and profiles. Alternatively, the data may have been obtained before Facebook's 2018 policy changes, when the API granted access to user information such as phone numbers.


Finally, Mr. Diachenko points out that the information could have come from a Facebook security vulnerability that still exists despite the API changes. Facebook's recent record on user privacy and protection hasn't been excellent, which has increased the number of possibilities exponentially.


Due to the sensitive nature of the information captured, the biggest risk is SMS phishing attacks.


The unique Facebook ID, in particular, makes it easier for a bad actor to discover more information for committing these types of attacks. It also makes it easier for malicious entities to attempt to defraud users of other personal information. The end result can often be financial loss or identity theft.


Bad actors may also try to use the types of information captured in spam-based attacks.


If you still use Facebook, then you need to protect yourself


For those who choose to continue using Facebook, guarding against the potential means by which the data was taken or stolen is not impossible. Users can reduce the data exposed by adjusting their account's privacy settings, which are found by going to 'Settings' and then clicking on 'Privacy.'


The biggest changes are adjustments to who can view the data publicly. For starters, the researchers say, each field in the privacy settings should be set to either "me" or "friends."


Finally, users should change the setting that asks whether search engines may link to the profile. Users need to set this to "no" to keep the profile out of basic internet search results such as Google. It may also be a good idea to adjust similar settings in other applications where they can be found. This will at least make it more difficult for users to get hacked by tactics similar to those used in the last Facebook breach.
