Facebook data is valuable to the social network, but also to the hackers who managed to exploit a loophole in 2019. This data, which concerns some 533 million accounts, is now being disseminated on the web for a trivial sum. Here are a few questions and answers to help you find out where you stand if you have a Facebook account.
How could this data have been stolen?
A security flaw on Facebook’s servers is at the origin of this data theft, but the information is not new: the vulnerability was exploited in 2019. Facebook corrected the problem that same year, but the stolen data is still circulating.
What account information is in the hands of hackers?
The database may contain users’ Facebook identifiers associated with their name and phone number. Sometimes there is also other information such as email address, date of birth, country, relationship status, place of work and gender. Not every hacked account has all of this information; the database holds only what was available in the account at the time of the hack, i.e. in the first half of 2019.
Where is this data distributed?
Hacked databases are traded in various places on the dark web or through messaging applications, sometimes for money or in exchange for other hacked data. The news today is that the database has been spotted on a hacker forum where it is being sold for a rather small amount, or for free according to the Twitter account @UnderTheBreach, which released images from the database to alert users.
Is my account affected?
If you created your account after August 2019, when the flaw was corrected, you are not affected by this hack and your information should not have been exposed. Otherwise you may be among the 20 million French accounts whose information has been stolen.
It is possible to check whether your account is part of the leak by using the site haveibeenpwned.com, which collects hacked databases from many sites. Check first with your usual email address and then with your phone number. Be careful, however: the number must be entered in international format, replacing the “0” at the beginning of the number with “+33”.
If the result is positive, the site lists the vulnerabilities and hacks in which your email or phone number is present. In that case, it is recommended to change the password you use on those sites. In the case of this Facebook hack, however, the passwords were not stolen.
How to protect yourself?
Even without a password, hackers can use this information to send “trap messages”, a technique known as phishing. For example, they can imitate an official Facebook email or SMS asking you to log in, in order to steal your password.
To protect yourself, the usual recommendations related to phishing should be followed. If you receive an email asking you to click on a link and prompting you to log into your account, check that the URL in the address bar matches that of the site concerned. Ideally, it is recommended that you enter the Facebook address yourself to access it.
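The URL check described above can be made precise: what matters is the host name of the link, not whether the text "facebook.com" appears somewhere in it. The following is an added example, not part of the original article; it assumes that only facebook.com and its subdomains count as genuine, and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only facebook.com and its subdomains are genuine.
TRUSTED_DOMAINS = {"facebook.com"}


def is_trusted_link(url, trusted=TRUSTED_DOMAINS):
    """Return True only if the link uses HTTPS and its host is a trusted
    domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".").lower()
    # Exact match or a true subdomain; a plain substring test would be fooled.
    return any(host == d or host.endswith("." + d) for d in trusted)


# Constructed sample links (the .example hosts are placeholders).
SAMPLES = [
    "https://www.facebook.com/login",                    # genuine
    "https://m.facebook.com:443/",                       # genuine subdomain
    "https://facebook.com.account-check.example/login",  # real host is account-check.example
    "https://facebook.com@login.example/",               # "facebook.com" is only a user name
    "https://notfacebook.com/",                          # different domain, similar ending
    "https://faceb00k-login.example/",                   # lookalike spelling
    "http://www.facebook.com/",                          # not HTTPS
]


def check_samples():
    """Return (url, verdict) pairs for the constructed samples."""
    return [(u, is_trusted_link(u)) for u in SAMPLES]


if __name__ == "__main__":
    for url, ok in check_samples():
        print(("OK      " if ok else "SUSPECT ") + url)
```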