It was recently revealed that the personal information of over half a billion (533 million) Facebook users, including phone numbers, was leaked online. Facebook itself confirmed the leak, saying it was a consequence of a security vulnerability that they fixed back in 2019.
The number of users affected by the data breach in Germany is over 6 million, in Austria over 1,2 million and in Switzerland around 1,6 million. The vulnerability and theft may not be new, but Facebook users whose data was stolen in 2019 are at greater risk right now due to the data leak and should take steps today to better protect themselves from it.
It affects private users and companies
To help those affected, Avast has just published a blog with notes on the situation and tips that users can and should take immediately to protect themselves. This is because the stolen data contains both telephone numbers and e-mail addresses and thus represents an increased risk of SIM swapping attacks. In this fraud scheme, cybercriminals gain access to a user's SIM card and send SMS-based codes to devices redirect under their control to gain access to the target person's emails. For this reason, the data subjects are particularly at risk of malicious takeover of their digital identity.
Since email accounts are the place where users can reset their passwords, it is the easiest, most efficient and most effective way for attackers to take over the digital life of the target person. They do this by first hijacking the email account and then using it to take over other accounts.
Switch Facebook accounts to 2FA
The author of the article Christopher Budd, Senior Global Threat Communications Manager at Avast, recommends that people who had Facebook accounts with phone numbers in 2019 immediately change their email account from password-only or password and SMS-based codes to an authenticator -App, such as those offered by Microsoft and Google. Such an app can reduce the risk of SIM swapping: it completely removes the phone number from the equation. There is also an increased risk of phishing attempts via SMS, also known as "SMishing". Affected users should therefore be particularly careful when receiving SMS messages.
Additionally, high-profile targets such as politicians, government officials, and people in other public service roles are at even greater risk and should consider changing their phone numbers. In some cases, they may even find it advisable to change their phone numbers regularly, but not in a predictable pattern.
Find out more at Avast.com
About Avast Avast (LSE: AVST), a FTSE 100 company, is a leading global provider of digital security and privacy products. Avast has over 400 million online users and offers products under the Avast and AVG brands that protect people from threats from the Internet and the evolving IoT threat landscape. The company's threat detection network is one of the most advanced in the world, using technologies like machine learning and artificial intelligence to detect and stop threats in real time. Avast's digital security products for mobile, PC or Mac have been top-rated and certified by VB100, AV-Comparatives, AV-Test, SE Labs and other test institutes.