They collected all the information needed for a successful scam on a silver platter.
Picked up in 2019 from a vulnerable server, the personal data of more than 500 million users of Facebook services (Instagram, WhatsApp ...) have been exchanged freely for a few days since a hacker made them available. for free on several forums.
It includes email addresses, phone numbers associated with the account, and personal details such as gender or marital status.
“The database had already been marketed on the Darknet for several months, but it suddenly became accessible to a larger number of malicious people,” chokes a cybersecurity expert.
The important file had also recently lost its value after being passed from hand to hand and was selling for 85 euros.
Facebook's 500 million user database was trading for around $ 100 on hacker forums.
LP / DR
Positive point of its passage in the public domain, cybersecurity researchers were able to appropriate the database in order to create a search engine for potential victims that the Facebook group has still not notified.
Two main and fairly reliable sites have emerged.
You can enter your email or phone number on the well-known haveibeenpwned.com site or on the new haveibeenzucked.com whose name is taken from Mark Zuckerberg, the boss of Facebook.
We recommend that you juggle the two to make sure that you are not one of the 19,848,559 French accounts involved.
READ ALSO>
Cyber attacks: the business of data resold on the Dark Web
And if unfortunately you lost in this lottery, beware of the next few days and weeks of SMS and other messages received on WhatsApp and others.
"Cybercriminals specializing in phishing have everything they need to create a bond of trust and encourage their target to do what they normally don't want", analyzes Philippe Rondel, cybersecurity expert at Check Point.
“For example, they can send a message to claim the password of an account or force the installation of malicious software that will attack a banking application,” he warns.
Morning essentials newsletter
A tour of the news to start the day
Subscribe to the newsletterAll newsletters
How to get out of this bad patch?
It's much more complicated than when a massive leak only involves an email address and password.
You are not going to change your phone number and cancel your subscription as easily as changing and strengthening a password.
It will therefore be necessary to respect other barrier gestures for a few months such as ignoring requests from strangers, even if they seem to know you well and especially not to click on the links received by SMS or e-mails.
Instead, prefer a visit to the official website of the company that contacts you.