:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/RQRUH6TNHG5CPG35YAVTUJNRL4.jpg)
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/850d265f-5198-4767-aa62-36b3b810588d.jpg)
Have you been hit by the Facebook data leak? Last week the personal data of more than 500 million Facebook users was leaked online again, and the consequences for Irish users could be far-reaching, from the annoying spam phone calls to an increased risk of identity fraud.
When did the leak happen?
Facebook says the data leak was an old one that had resurfaced, with the initial incident discovered in 2019. Facebook said it fixed the vulnerability that was exploited back then. However, once the data is out there, it’s very difficult – impossible, really – for Facebook to control what happens to it and who has access.
The list of Facebook-linked phone numbers has apparently been in circulation since January among hacker circles.
What is out there?
The data leak included Facebook IDs, names, locations, birth dates, some email addresses and, crucially, phone numbers.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/EXU2V3KSWKINWCKH3TIYMNXD6Y.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/6VGLRBM2JGEVPLQSUABH2VCLPU.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/VTXV73SBLWSATHIXK3G55F5PSE.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/K36UVO26H7S7BNRZXM2LZXEM2Y.jpg)
That last one is particularly concerning because many people use their mobile phone number for two-factor authentication services, or for password resets for online accounts.
Anecdotally, friends whose numbers have appeared in the leaked list have been hit with an increase in spam calls, mostly from the United States, in recent days.
Why is it back in the news now?
Typically, a database of valuable information such as that leaked from Facebook won’t be shared right away because those who have it will want to make as much money out of it as possible. But on Saturday that data appeared online for free, potentially exposing hundreds of millions of users to a range of spammers and scammers.
Reports over the weekend said it was available on a hacking forum, making it widely accessible to anyone with basic data skills.
How do I know if I’m affected?
You could download a copy of the database that is circulating online, but it is 20GB in size. That’s a lot of data to wade through.
Luckily there are plenty of tools to make the job simpler. One of the best tools online for tracking your exposure to data breaches is HaveIBeenPwned.com. That has now been updated to include the Facebook breach, and to allow you to search for your phone number instead of just by email address. On the site, put in your phone number, including the country code into the search box. So if your number is 086 000 0000, enter 353860000000. Click the "pwned?" button and if you have been affected by the data leak your number will appear in the database.
What can I do to protect myself?
Be more vigilant when it comes to giving out personal details online. The data that is currently being shared online could be used to target affected users with phishing scams and other fraudulent activities. Watch out for unusual activity on your online accounts too.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/sandbox.irishtimes/GW3FWAURWFGM7FF4RMYJLBG7ZI.png)