Possible Phishing Campaigns Arising from Facebook's Data Leak

Published on 05 Apr 2021

Updated on 05 Apr 2021

Reports have indicated that over 533 million Facebook users' data was recently leaked online, including data from over three million users based in Singapore. The leaked information comprises mainly the Facebook users' mobile number, profile name, profile ID and location. Some users' date of birth and email address were also included.

While Facebook clarified that the vulnerability had been patched by the company in August 2019, users should still watch out for possible phishing campaigns arising from this leak. Threat actors may use the leaked information to conduct phishing and other social engineering attacks. Facebook users should remain vigilant and look out for unsolicited phone calls and messages sent over SMS and instant messaging applications such as WhatsApp.

Well-resourced threat actors may also use Caller ID spoofing technology to impersonate the Facebook user and conduct further attacks, such as:
  1. Impersonating the Facebook user to send malicious/phishing links, request for money transfers, or ask for One-Time Passwords (OTP) to compromise their contacts' accounts
  2. Using the Facebook user's details to compromise the user's other accounts, such as resetting passwords to other online accounts, or leverage additional easily obtainable personal information about the user to request for a replacement credit or ATM card
  3. Using the Facebook user's contact details to order goods and services, or make purchases under their name

Practising good cyber hygiene measures can help mitigate the impact:
  • Be vigilant about phishing attempts. Always be wary of suspicious emails and verify before clicking any links or downloading any attachments, especially if the email comes from an unfamiliar sender.
  • Verify a link in an email/SMS by checking the domain name of the site, as it is an indicator of whether the site is legitimate. Users can hover their mouse over the link to ensure that they are being directed to the Uniform Resource Locator (URL) stated.
  • Turn on login alerts, if available. The platform should send you an alert when someone logs into your account from an unrecognised device or browser. Review any unrecognised login sessions for unusual account activities such as activating email forwarding rules to unknown accounts. If you can no longer access your account, please contact the platform's support team directly to report this issue and request for their assistance.
  • Change your passwords regularly; use a strong password of at least 12 characters which includes upper case, lower case, numbers and/or special characters. Avoid using the same password for different accounts, or using passwords that are derived from your Personally Identifiable Information (PII).
  • Enable two-factor authentication (2FA), where available.
  • Limit access to social media accounts. Also, limit sharing of personal information online as threat actors commonly look for and use such personal information to carry out targeted phishing.
  • Review your account privacy settings and permissions, and adjust your privacy settings as appropriate.

More information is available here:
https://www.facebook.com/help/131297846947406
https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/
https://therecord.media/phone-numbers-for-533-million-facebook-users-leaked-on-hacking-forum/