In 2019, IT experts discovered a data leak on Facebook.
According to the company, the security gap has long been closed - but only now is it becoming really dangerous for users.
Facebook has around 2.8 billion users worldwide.
In the summer of 2019, a data leak caused a stir around the world.
In the meantime, the data is circulating on more and more portals in the network.
Now the attacks by hackers are increasing - even with dubious SMS.
Munich - The data leak on Facebook is apparently more dangerous than initially thought.
Criminals have stolen some private information from over 530 million Facebook users worldwide.
The data records also contain cell phone numbers.
Now there are increasing cases of hackers attacking via SMS.
How dangerous is the Facebook leak for users?
What should those affected do now?
The most important questions and answers at a glance:
Hackers have tapped data from around 533 million Facebook users around the world.
This means that practically every fifth Facebook account is compromised.
The stolen information includes names, whereabouts, e-mail addresses or telephone numbers, including the cell phone number of Facebook boss Mark Zuckerberg.
In Germany alone, six million people are affected by the attack.
The data originally comes from the summer of 2019. Until now, the data set had been circulating on relevant websites on the Internet for a fee.
But now the information has appeared on other websites - and for free.
This means that the number of attempted hacker attacks on Facebook users should increase significantly again.
There are already initial indications of this.
In the past few days, reports have increased that users have recently repeatedly received suspicious short messages.
According to Facebook, the data leak can be traced back to a technical interface through which attackers were able to match previously captured phone numbers to individual users by means of automated queries, in so-called scraping attacks.
The security problem has been resolved since August 2019, Facebook product manager Mike Clarke assured in a blog post on Tuesday.
The group recently had to struggle repeatedly with security gaps and fraudsters.
How can users find out whether they are affected?
Facebook users who want to check whether their digital Facebook identity has been compromised can check this on the US website www.haveibeenpwned.com.
The online service searches for known data leaks.
All users have to do is enter their email address or mobile phone number.
A database comparison with the existing data records is carried out in the background.
Only a few days ago, the operators also uploaded the intercepted Facebook information.
Why is the Facebook data leak so dangerous?
The stolen data is to criminals much like the sweet shop is to Pippi Longstocking.
Facebook does emphasize that it is "old data" from 2019, says Tim Berghoff, security expert at the IT security specialist GData Cyberdefense in Bochum.
But the probability that a cell phone number or email address that was used in 2019 is still up-to-date today is “quite high”.
The corresponding information can be used for personalized advertising or to access credit card numbers, for online orders or to take over and block existing web accounts.
In addition, the data can also be used for so-called social engineering, i.e. for attempts to access further data via friends and acquaintances.
Therefore, the information would have "high value" for criminals.
What role do the mobile phone numbers play in this?
With the stolen cell phone numbers, criminals can, for example, send messages with links to phishing pages to affected persons.
The attackers often use alleged shipment notices from parcel services such as DHL for this purpose.
"The pretext that is often used here consists of an alleged parcel tracking number or the alleged return of a parcel, which should be prevented by selecting the link sent," explains IT security expert Berghoff.
In addition, attackers can use sophisticated technical tricks to hijack the entire mobile phone number so that the actual owner no longer has access, Berghoff warns Merkur.de.
What should users do now to protect themselves?
If a check on www.haveibeenpwned.com shows that their own Facebook account has been compromised, users should immediately check their passwords.
Basically, every single online access should have its own password, advises Berghoff.
They can be saved in a password manager.
If you haven't done this yet, you should - if possible - activate multi-factor authentication.
The identity of the user is checked via two different channels, for example by logging into another app.
Important: The second factor should not be an SMS code, because short messages can both be intercepted and redirected (see above).
On Facebook, the corresponding setting can be found in the security settings.
In addition, users can use apps that generate one-time passwords.
The Google Authenticator is a good alternative.
It's free and available for both Android and iOS.
It is also supported by many platforms, explains Berghoff.
There are also hardware tokens such as Yubikey.
They are the safest and most comfortable, but with prices between 10 and 50 euros, they are also the most expensive option.
What should users do if they receive an unusual text message?
At the moment, users should be particularly critical if they suddenly receive an SMS - this is especially true if the message comes from an unknown number or if the sender also sends a link or asks for data to be entered.
"The following applies here: do not answer, do not enter any data, do not tap any links," advises security expert Berghoff.