Social media giants ask their users to hand over data, and to trust that it will be stored securely. But that trust isn’t always justified. A database containing information on 533 million Facebook users was recently found online. The database was operated by a bot which, for a fee, would allow people to match a phone number with a Facebook ID. How did this happen, and what can you do to protect yourself?
According to a report by Motherboard, the breached data is related to a security vulnerability that Facebook patched in 2019. The phone numbers might be a couple of years old, but since people don’t change them often, most are probably still active.
The information in the database was up for sale when it was found. A phone number or Facebook ID would cost one “credit”, the equivalent of $20. However, buyers could save money by purchasing 10,000 credits for just $5,000.
When supplied with a Facebook ID, the bot would return the user’s phone number. Likewise, if the buyer already had the phone number, they could use that to look up the owner’s Facebook ID. Data was available for users in the US, the UK, Australia, Canada, India, and other countries.
Since Facebook has around 2.7 billion monthly users, this breach could affect 1 in 5 of its users.
It's easy to assume that a phone number isn't of any use to a cybercriminal. In reality, anyone who gets your number through this bot also knows your Facebook ID. When combined with information scraped from your social media accounts, your phone number can allow hackers to launch a variety of scams against you and the people you know:
It’s tempting to post family pictures, job updates, and details of your daily routine on social media. However, we strongly recommend against it. The more information you share, the more likely that one day somebody will use it against you.
If you can’t live without social media, at least make sure that your profile is private, use a strong password, and be wary of any stranger making contact with you.
There are a lot of different services that might ask for your phone number, from a fitness app to an online store. Unless it’s absolutely necessary, avoid giving away your phone number. Try using a separate phone for work, too, as the employees of large companies are often targeted by criminal organizations.
If you’ve received an SMS from your bank, hospital, or any other institution, don’t rush to click on the link; it could be a malware trap. Do your research, call the sender if possible, and make sure that the message is legitimate. Look for any grammatical mistakes or unusual formatting.
While this isn’t an option for everyone, the best protection is to ignore any messages that ask you to follow links.
It’s common to receive a call from your insurance company, internet provider, or real estate agent. However, if they ask you to share your passwords, personal identification number, or credit card details, it’s a red flag. Such sensitive information shouldn’t be discussed on the phone, even if the caller is not a fraudster.
You can enhance your privacy by going through your social media settings. Enable two-factor authentication, block any suspicious senders, remove your profile from Google Search, and limit the way people can find you. Having decent antivirus software and using a VPN will also benefit your online privacy.