Back in 2019, the personal information of 533 million Facebook users, including more than 7.3 million Australians – which might include you – was stolen by hackers. Now, cybersecurity experts are warning it’s easier for criminals to sort through the data and use it to steal your identity.
That means it’s a good time to check whether you were among the more than half a billion people caught up in the hack.
But since Facebook isn’t yet telling its users if they were a victim or not, you’ll have to rely on a third-party website to figure it out yourself.
Haveibeenpwned.com is a very useful website created by Australian cybersec expert Troy Hunt, a Microsoft regional director (an advisory role, he’s not actually employed by the company).
The site collates information from data breaches and can tell you if your details have been compromised.
A quick test on this reporter’s personal email found it had been leaked in 10 different data breaches involving companies like Adobe, Canva and Tumblr (your results will vary and will hopefully be lower).
According to Mr Hunt, the Facebook data breach included more than 2.5 million unique email addresses along with the more than half a billion phone numbers.
He said the data “is everywhere already” but noted concerns that he, and not Facebook, was the one helping people figure out if they were breached.
“The service that suffered the breach should provide the data that is circulating publicly to the rightful owner of it,” Mr Hunt wrote.
“Facebook, of all companies, has the resources to do this.”
Cybercrime intelligence firm Hudson Rock’s chief technology officer Alon Gal said Facebook demonstrated “absolute negligence of your data”.
Rather than informing users if they were caught up in the hack, Facebook insiders spent the weekend instead downplaying its significance.
Facebook policy communications director Andy Stone retweeted a post from his colleague Liz Bourgeois saying it was “old data” from flaws the company fixed in 2019.
The “old data” still includes current particulars like your phone number, email address, date of birth and relationship status. In the wrong hands, it’s the sort of information that could go past the merely annoying and actually become dangerous.
Kaspersky security expert Dmitry Galov warned on Tuesday that the information being used in phishing attacks “would not be surprising”.
“Attackers send malicious emails that appear to come from a trusted sender, for example, from the email address of your Facebook friend,” Mr Galov warned.
“Attackers could also use the information to impersonate the person whose data was breached. In order to stay safe from scammers who may be exploiting this data, take extra precaution when you receive emails that seem strange – even if they appear to come from someone you trust. Never click on any links or attachments inside emails and always check for strange grammar/spelling errors (a sign that the email is not from the person it claims to be),” Mr Galov advised.
As early as January, Mr Gal was warning widespread dissemination of the “old” data was coming after someone created a bot on the encrypted messaging service Telegram that would allow them to query the database.
At the time he gave a breakdown of the breached data by country, revealing 7,320,478 Australian accounts were among them.
Late last week he had an even scarier warning that all of the records were being freely shared online.
In case you needed a reminder about the truly massive scope of Mark Zuckerberg’s data-collecting advertising giant, if the breached accounts were a country it would be the third most populous in the world. (The good news is the hack represents only around 15 per cent of Facebook’s total three billion users.)
Mr Gal agreed with Mr Hunt’s assessment that Facebook should be giving users a way to see if their information was breached.
The company hasn’t posted anything about it on its newsroom or Twitter account over the weekend and Mark Zuckerberg, who was reportedly included in the hacked data, hasn’t commented on it either through his Facebook page.
Mr Hunt is considering expanding his website to allow people to search whether their mobile phone number has been leaked as well.