It was reported in CNN that Facebook had leaked a total of 530 million user’s personal data and there were being sold on Telegram for a fee. The personal data includes full names, phone number, birthday date, email address and residential address.
According to a cybersecurity expert, out of the 530 million victims, around 11 million of them were Malaysian citizens!
Facebook claimed that these data are relatively old data and they were being scraped using a vulnerability that had been patched in 2019. Fortunately, no passwords have been leaked.
What’s worrying is that with these data, you can perform a Social Engineering Attack on designated users.
Social engineering attack is an attack formulated through user habits and information. For example, when setting a password, most users will use their own birthday date, or someone else’s birthday date, or a combination of the two. In this way, as long as you have the user’s account and birthday date, you can start from the birthday date and try to log in.
The efficiency of social engineering attacks is much higher than cracking through software such as Brute Force and Dictionary Attack. At present, there were many users who set the same password for multiple accounts. Hence, after one’s password is cracked, other accounts can be stolen too.
All Facebook users need to pay attention to this. If you receive an unfamiliar call recently, then you may be one of the victims of personal information being sold!