More than seven million Aussie Facebook accounts have been hacked and exposed online. Here’s how you know if yours was breached.
Private information associated with some 7.3 million Australian Facebook accounts has been posted online after a massive data breach.
Fraudsters gained access to the data in 2019, after which it was traded for money for a while before being unceremoniously dumped online this week for the world to see.
The data includes phone numbers of many of the users, an aspect that sets the data breach apart from many other incidents. It’s more common that email addresses and passwords are compromised in data breaches.
“The exposure of phone numbers is noteworthy,” said Troy Hunt, an Australian web security expert and creator of the site Have I Been Pwned.
The site lets users plug in their email address or phone number to find out if it’s been included in any data sets exposed by criminals.
Pwned is internet slang for “owned” – in other words, compromised.
It can be unsettling to find out one’s personal details have been exposed in a hack. In some cases, plugging an email address into Mr Hunt’s website can reveal a single account has been associated with multiple hacks, some dating back over a decade.
But it’s good to be aware if it has happened. People are encouraged to change their passwords – as often as possible, and especially if a password has been associated with an online account that has been compromised.
As for the latest incident, while it’s unusual and also quite big – more than half a billion global users were affected – it’s actually not as worrying as some other breaches, Mr Hunt said.
“There were no passwords exposed, so you don’t have to worry about that. I would recommend heightened awareness more than anything,” he said.
A possible consequence of having one’s phone number leaked online, especially when it’s associated with other personal details like name and suburb, is that scammers could seek to take advantage by sending spam messages or attempting a phishing attack.
Phishing is when a scammer attempts to gain access to private accounts by tricking people into clicking harmful web links masquerading as safe ones.
Facebook acknowledged the breach had happened in a press statement on Tuesday.
But the company said it wasn’t technically a hack – rather, the attackers took advantage of a loophole in the site’s system that made it possible to collect the phone numbers users had provided on a massive scale.
The fraudsters uploaded large sets of phone numbers and matched them to other information using a feature designed to help Facebook users find their friends on the site by plugging in their number.
“As a result of the action we took (at the time), we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” Facebook said in the statement.