So, you think you’ve been PWNed?
This week, reports of data dumps were rife as it was revealed that upwards of 500 million people across the globe had their personal information shared on a hacking website.
The breach in question occurred through Facebook leading to the names, phone numbers, and email addresses of 533 million people across the globe becoming readily available online. It is thought that 1.5 million users in Ireland have also been affected by the dump.
Despite privacy measures being consistently updated across Facebook and its affiliated sites, it is thought that this leak occurred in 2018 or 2019, before the introduction of GDPR.
Ireland’s Data Protection Commission (DPC) is currently investigating the hack. In a statement, they said: “A dataset, appearing to be sourced from Facebook, has appeared on a hacking website this weekend for free and contains records of 533 million individuals.
“A significant number of the users are EU users. Much of the data appears to been data scraped some time ago from Facebook public profiles.”
So, how can you tell if your personal details have been leaked as part of the hack?
Facebook has not yet confirmed whether they are going to be contacting users directly about the breach, so it may be a good idea to check out whether your personal information has been shared elsewhere.
Popular and long-running data breach website ‘Have I Been Pwned?’ allows users to input their phone number or email address to check whether their information has been involved in a data dump.
Not only will the site confirm whether or not your information has been shared elsewhere, but it will often also provide information as to what breach you information has come from. In this case, if your details were included in the Facebook breach, the site offers the following message:
“Facebook: In April 2021, a large data set of over 500 million Facebook users was made freely available for download. Encompassing approximately 20% of Facebook’s subscribers, the data was allegedly obtained by exploiting a vulnerability Facebook advises they rectified in August 2019.
“The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address. Most records contained names and genders with many also including dates of birth, location, relationship status and employer.
“Compromised data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, Names, Phone numbers, Relationship statuses.”
Along with 500 million other people, this writer’s information has unfortunately been included in the recent breach, as per the above image.
Facebook have not yet contacted me about the breach, although I did receive a questionable phone call from the Czech Republic last week, so that explains a lot.
So, is there anything victims of the hack can do to protect themselves?
The most important thing is to be reactive: if you receive any phone calls from unknown numbers or emails from unknown email addresses, hang up the phone or delete the email. Never give any personal information, such as bank information, over the phone.
It is not thought that this leak will lead to more phishing attempts, but it may allow phishers to appear more credible as they could now have access to your mobile number or other personal data.
Secondly, if you are unsure as to whether a call or an email is legit, do not respond. Rather, go seek a legit contact number for the organisation in question and contact them that way to see whether they had been in contact with you.
The vast majority of such organisations, like banks, will never ask you for personal details off the cuff, unless you have been in contact with them first.
