How-To: Was My Facebook Data Hacked?
"Has my Facebook data been hacked?"
But seriously, this is a pretty big problem.
This has been one of many issues Facebook has had. I'm not a fan of Facebook at all.
The idea of keeping in contact with loved ones is a great idea. But not at the cost of your data and privacy.
But anyway.
How did this hack happen this time?
Encompassing approximately 20% of Facebook's subscribers, the data was allegedly obtained by exploiting a vulnerability Facebook advises they rectified in August 2019.
While this data dump appears to have sold in cybercrime communities at least since last year, a Telegram Bot that appeared on the scene earlier this January allowed users to look up a phone number and receive the corresponding user's Facebook ID, or vice versa for a fee.
But now, the data is publicly available for free.
The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address. Most records contained names and genders with many also including dates of birth, location, relationship status and employer.
Also included in the leak are the phone numbers from Facebook CEO Mark Zuckerberg, and co-founders Chris Hughes, and Dustin Moskovitz, who are the fourth, fifth, and sixth members to have registered on Facebook.
Here's a number of user details available by country. From the seller's ad.
Rank | Profile Location | Exposed Users | Rank | Profile Location | Exposed Users | |
1 | Egypt | 44,823,547 | 55 | Bahrain | 1,450,124 | |
2 | Tunisia | 39,526,412 | 56 | Ireland | 1,449,919 | |
3 | Italy | 35,677,323 | 57 | Finland | 1,381,569 | |
4 | USA | 32,315,282 | 58 | Czech Republic | 1,375,988 | |
5 | Saudi Arabia | 28,804,686 | 59 | Austria | 1,249,388 | |
6 | France | 19,848,559 | 60 | Sweden | 1,092,140 | |
7 | Turkey | 19,638,821 | 61 | Ghana | 1,027,969 | |
8 | Morocco | 18,939,198 | 62 | Philippine | 879,699 | |
9 | Colombia | 17,957,908 | 63 | Mauritius | 848,558 | |
10 | Iraq | 17,116,398 | 64 | Taiwan | 734,807 | |
11 | Africa | 14,323,766 | 65 | China | 670,334 | |
12 | Mexico | 13,330,561 | 66 | Croatia | 659,115 | |
13 | Malaysia | 11,675,894 | 67 | Denmark | 639,841 | |
14 | United Kingdom | 11,522,328 | 68 | Greece | 617,722 | |
15 | Algeria | 11,505,898 | 69 | Afghanistan | 558,393 | |
16 | Spain | 10,894,206 | 70 | Albania | 506,602 | |
17 | Russia | 9,996,405 | 71 | Norway | 475,809 | |
18 | Sudan | 9,464,772 | 72 | Bulgaria | 432,473 | |
19 | Nigeria | 9,000,131 | 73 | Japan | 428,625 | |
20 | Peru | 8,075,317 | 74 | Macao | 414,228 | |
21 | Brazil | 8,064,916 | 75 | Namibia | 409,356 | |
22 | Australia | 7,320,478 | 76 | Jamaica | 385,890 | |
23 | United Arab Emirates | 6,978,927 | 77 | Hungary | 377,045 | |
24 | Syria | 6,939,528 | 78 | Ecuador | 310,259 | |
25 | Chile | 6,889,083 | 79 | Iran | 301,723 | |
26 | India | 6,162,450 | 80 | Botswana | 240,606 | |
27 | Germany | 6,054,423 | 81 | Slovenia | 229,039 | |
28 | Netherlands | 5,430,388 | 82 | Lithuania | 220,160 | |
29 | Oman | 5,048,532 | 83 | Brunei | 213,795 | |
30 | Yemen | 4,617,359 | 84 | Luxembourg | 188,201 | |
31 | Kuwait | 4,468,134 | 85 | Serbia | 162,898 | |
32 | Libya | 4,204,514 | 86 | Cyprus | 152,321 | |
33 | Israel | 3,956,428 | 87 | Puerto Rico | 130,586 | |
34 | Bangladesh | 3,816,339 | 88 | Indonesia | 130,331 | |
35 | Canada | 3,494,385 | 89 | South Korea | 121,744 | |
36 | Palestine | 3,367,576 | 90 | Malta | 115,366 | |
37 | Kazakhstan | 3,214,990 | 91 | Azerbaijan | 99,472 | |
38 | Belgium | 3,183,584 | 92 | Georgia | 95,193 | |
39 | Jordan | 3,105,988 | 93 | Estonia | 87,533 | |
40 | Singapore | 3,073,009 | 94 | Maldives | 86,337 | |
41 | Bolivia | 2,959,209 | 95 | Angola | 50,889 | |
42 | Hong Kong | 2,937,841 | 96 | Moldova | 46,237 | |
43 | Poland | 2,669,381 | 97 | Iceland | 31,343 | |
44 | Qatar | 2,526,694 | 98 | Turkmenistan | 16,279 | |
45 | Argentina | 2,347,553 | 99 | Honduras | 16,142 | |
46 | Portugal | 2,277,361 | 100 | Burundi | 15,709 | |
47 | Cameroon | 1,997,658 | 101 | Haiti | 15,407 | |
48 | Lebanon | 1,829,661 | 102 | Djibouti | 14,327 | |
49 | Guatemala | 1,645,068 | 103 | Ethiopia | 12,753 | |
50 | Tunisia | 1,595,346 | 104 | Burkina Faso | 6,413 | |
51 | Switzerland | 1,592,039 | 105 | Fiji | 5,364 | |
52 | Uruguay | 1,509,317 | 106 | El Salvador | 4,779 | |
53 | Panama | 1,502,310 | 107 | Cambodia | 2,838 | |
54 | Costa Rica | 1,464,002 |
What can black hat hackers do with my data?
Threat actors (<-bad person) on the hacker forum can use it to conduct attacks on the people listed in the data leak.
For example, threat actors can use email addresses for phishing attacks and mobile numbers for smishing (mobile text phishing) attacks.
Threat actors can also use mobile numbers and leaked info to perform SIM swap attacks to steal multi-factor authentication codes sent via SMS.
It is advised that all Facebook users be wary of strange emails or texts requesting further information or telling you to click on enclosed links.
How do I find out if my data was exposed?
This is a great site to find if your account was hacked and what to do.
Also, report any phishing emails & text messages. Filtering out callers using your carriers spam filter app will also help.
Restrict the people who can have access to your account via your carrier's website to help prevent Sim swapping.
And for heaven sake, DO NOT USE SMS FOR 2 FACTOR AUTHENTICATION.
Use Authy or andOTP for 2FA codes.
I also advise that you remove any information on your profile like:
> Phone Numbers
> Hide email
> Hide your profile information from the public.