[ad_1]
If you are one of the recently hacked Facebook hackers, you have to be extra vigilant on the internet – and especially vigilant with respect to your other online and offline accounts.
Hackers collected on the social network could be used for identity theft and to access accounts ranging from accounts of banks and other financial institutions to online stores. It could also be used in so-called "spear phishing" attacks, in which hackers use the information they know about particular users to send them personalized messages convincing them to disclose their passwords or other data criticism.
"Given the magnitude of this situation – which was truly surprising – and the amount of information retrieved, people may be legitimately concerned," said Justin Brookman, director of privacy policy. and Consumers Union Technology, publisher of Consumer Reports.
Some 30 million accounts were compromised during the attack, announced by Facebook two weeks ago. Hackers were able to access the names and phone numbers of almost all of these users, as well as personal information such as birth dates, relationship status, gender, training and work history for 14 million of them.
Disclosure of this type of personal data can be particularly dangerous for people who try to remain discreet, such as those who have been victims of domestic violence or protesters worried about reprisals from their government. It can also create problems for people trying to keep parts of their lives private from the outside world, such as their sexual orientation or religious affiliations.
Facebook data could be used to access bank accounts
But it can also be risky for everyday users. Indeed, in the hands of malicious actors, this data can be used to hijack accounts on other services than Facebook.
The password reset feature on many sites requires users to answer certain security questions. These questions often ask for the kind of personal details revealed in Facebook hacking, Brookman said.
But it's not just online accounts that are at risk. Information such as names and dates of birth can also be used to access the phone for bank accounts or medical records, said John Simpson, director of privacy and technology protection at Consumer Watchdog, a consumer advocacy group. This type of information "can be extremely powerful" for hackers, he said.
"They can use this information and definitely integrate it into information that could defraud an individual," he said. "Potentially, there is real damage that can be done to people."
Even the escape of a phone number can pose a risk. To protect their accounts on various websites, many users have turned on two-factor authentication, a security technique that often requires users who log in to their accounts to enter special code in addition to their passwords. Many sites send this code via the SMS text messaging system to users' mobile phones.
Security researchers have known for years that the SMS system is vulnerable to hacking attacks. By knowing the phone number of a user, a malicious actor could potentially intercept the two-factor authentication code and use it to take control of the user's account.
It could also be used in targeted email attacks
Harpooning is another potential danger. Typically, during such an attack, a hacker sends an email that prompts the user to click on a link to a fraudulent site and enter their login information. The malicious actor usually uses what he knows about the target – his friends, family, life experience – to convince him that email is legitimate.
Even seemingly innocuous information about a person can be used in such attacks. The more a hacker has data on a person, the more credible it is to attract email. One set of data that was exposed in Facebook hacking was the sites where users had used the Facebook app.
A hacker might be able to retrieve this information and pretend to be the representative of the target's credit card company, possibly even saying that the company had noticed that his card was being used at the time and place of the 'recording,' said Michelle Richardson, director of the privacy and data protection project of the Center for Democracy and Technology, a lobby group.
"These guys are really smart," she says.
Since users often reuse passwords on multiple sites, they risk losing many of their most sensitive and valuable accounts if they are victims of such a scam.
You can take some steps to protect yourself
To find out if you have been affected by the Facebook attack, log in to your account and navigate to a security page configured by the company. If you are concerned, you must take certain steps to protect yourself. Security and privacy experts say:
- Freeze your credit report from major credit reporting agencies, such as Equifax. This will prevent criminals from using the information they have gleaned on your creation of new financial accounts on your behalf. Thanks to a new law, the freeze on credits is now available free of charge.
- Keep a close eye on your financial statements to detect mysterious charges.
- Make sure you do not use the same password in multiple places and create a new one, if you use it. A password manager such as LastPass can make it easy to create and track your login information for different sites.
- Enable two-factor authentication whenever you can, but especially on your most sensitive or valuable accounts. Even these systems may be vulnerable to hacking attacks, but they are even more secure than passwords alone.
Whether your account is affected or not, you can also consider removing or deactivating your Facebook account, especially if you do not use it often. If you plan to keep your account, you should also consider limiting what you share with this account.
"People are sharing information on their Facebook profile that they would not want to share with the rest of the world," Brookman said. "There is historical data about you that could potentially be exploited against you or used to hack into your account or compromise those of your friends"
Now read:
Source link
