How to tell if your data was exposed in the latest Facebook leak or some other security breach

These days it has become known that the personal data of more than 553 million Facebook users has been disclosed, including full names, emails, bio details, and in some cases even phone numbers. The leak affected people from more than 106 countries, including 2 million from Argentina, 13 million from Mexico, 10 million from Spain, 32 million from the United States, 11 million from the United Kingdom and 6 million from India.

Alon Gal, chief technology officer at cybercrime intelligence firm Hudson Rock, discovered that the leaked data was being posted these days on a forum accessible to many cybercriminals. And he warned that this information could be used to carry out social engineering attacks and other types of hoaxes.

It should be noted that the data disseminated would come from a security vulnerability reported and corrected by Facebook in August 2019, as explained at Infobae of the social network. The point is that although the vulnerability has been patched, the data that was leaked at that time as a result of this incident has now taken on a greater dimension after being posted, for free, in a forum.

There are different tools to find out if your data has been exposed as a result of this incident. One of the best known options is to access the site Have I been Pwned?, created by Troy Hunt a few years ago. On this site, you will not only be able to find out if your information was leaked in the Facebook leak, but also if it has been exposed by another one of the many security holes that occur in various apps and sites of all kinds.

For its part, the site Firefox Monitor, which is also updated with the multiple leaks that are published daily, allows you to verify this information. In both portals, all you have to do is enter the email (in the case of Have I been Pwned, the phone number can also be used) and the system will indicate if the data related to this account has been compromised in any way. way either. It indicates which security vulnerability affected the profile and which information has been exposed.

There are other tools that have emerged after the Facebook security vulnerability spread but, according to the security researchers consulted, the veracity of the information they return cannot be confirmed at this time.

In this regard, Camilo Gutiérrez Amaya, head of the Eset laboratory, mentioned a page referring to a CSV file which supposedly allows you to consult the data affected by the leak. “We have no information on the origin of the information, so we cannot guarantee the reliability of the information. Although there are over 2.3 million records, the last few lines of the file are at least “not serious” and we have no information on where the data came from. “

He also referred to another page that circulates a lot on the networks and is said to have 66 million records (that is, it doesn’t represent all of the information about the leak). The site asks for the username, the URL of the Facebook profile or the phone to indicate if the person has been compromised. “In summary, it can be used because it does not seek to steal user information, but we could not guarantee the veracity of the information it returns,” he emphasizes.

In this sense, it is better to use systems such as those mentioned above (Have I been Pwned or Firefox Monitor) which have been in use for a long time and have a trust in the IT community. Beyond that and beyond the fact that the data is exposed, the following precautions should always be taken to ensure security:

1. Do not use the same password in all profiles or accounts that you have.

2. Activate the second authentication factor

3. Avoid downloading the app outside of authorized digital stores

4. Do not upload files or enter links that arrive via email or messages.

5. Keep the operating system up to date and have a security solution.

6. Be informed of cybersecurity incidents that occur and how to protect yourself

In addition to all this, and taking into account that a database with a large volume of personal data circulates, Be wary of any phone calls received to gain access to more personal information, asking for bank codes or other access codes or for the purpose of exerting a form of extortion.

KEEP READING: