- 533 million Facebook users’ data was recently leaked onto a free online database.
- Breaches like this make scamming and phishing attempts more common.
- Companies need to own up when users’ data is breached so users can be on the lookout for scam messages.
- Chris Stokel-Walker is a freelance journalist and the author of the upcoming book “TikTok Boom: China, the US and the Superpower Race for Social Media.”
- This is an opinion column. The thoughts expressed are those of the author.
On April 3, more than half a billion Facebook users’ phone numbers and personal data were leaked on a low-level hacking forum. Users in 106 different countries, including 32 million Americans and 11 million Britons, were affected.
The social media titan has pushed back strenuously against the news, claiming that the breach wasn’t really a hack, as many sites initially reported. They claim that the data had been scraped from Facebook prior to September 2019.
It was for that reason, the company said in a blog post, that they didn’t disclose the breach. “Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this,” Mike Clark, Facebook’s director of product management, wrote.
Whoever had scraped the data had exploited a vulnerability that Facebook had previously disclosed, so they felt no need to alert anyone to the fact that half a billion people’s personal details were floating about cyberspace. “We addressed the issue identified in 2019,” Clark wrote.
Yet a text message I received this week indicates precisely why that approach to not disclosing the leak of 533 million people’s personal details, including phone numbers, isn’t good enough.
Flying blind into the world of spoofing
I receive maybe one or two spoof text messages a year. Looking back through my SMS inbox, I have not received a single message from a scammer pretending to be someone they aren’t in the last 12 months — a welcome and lucky rarity. Yet less than a week after Facebook’s mass of data ended up on a hacking forum, I received a message, purporting to be from the bank HSBC.
“A payment was attempted from a NEW DEVICE on 08/04 at 15:30PM,” it said. “If this was NOT you,” the message warned, I should visit a website it linked to.
The message is clearly an attempt to phish personal details from me — trying to convince me that it’s a legitimate text from a bank, and prompting me to enter information such as my bank account number and routing code, so they can gain access and steal money. It’s well-written, but the key giveaway is more elementary: I don’t bank with HSBC. Others who do have an account with the bank, however, may have thought twice about the text’s illegitimacy, and could have fallen victim to the scam. One person who received the text told me they almost fell for it.
Text messages are simple to spoof, and people know it. I’ve recently reported on the challenges of spotting scam SMS messages about the coronavirus vaccine, and I know how simple it is to change the name of the sender to appear legitimate. If you’re not aware that your details are circulating the internet, you’re more likely to trust a message claiming to be from a legitimate institution.
There’s no way of knowing whether the person trying to fool me and others into giving up my bank details got my phone number from the Facebook database. Similar scams, using almost identical text, have been circulating prior to the data leak. But the database’s publication makes future scams using those contact details more likely — which is why it’s important people are aware of the leak’s existence.
Owning up is important
It’s vital, when something like this happens, and millions of people’s confidence is breached, that the victimized companies own up to the breach promptly, fairly, and openly. The database of phone numbers was circulating — for a fee — within the hacking community since at least January before it was recently dumped online for free. That means there have been months where scammers could theoretically have accessed millions of people’s phone numbers, and used them to launch attacks.
To be forewarned is to be forearmed. Knowing that your phone number is circulating in a community that is eager to try and scam money out of you is important information to have when you encounter a text or call that may seem out of the ordinary. Knowing that – in theory, even if you can’t prove it in practice – someone who doesn’t belong to your bank, tax authority, or government could have gleaned your contact details from a website means that you can treat any requests with the requisite level of suspicion.
By not deigning to tell its users that their information was circulating until reporters uncovered its existence, Facebook was trying to keep its users in the dark. Accidents happen all the time, and Facebook is far from the first company to suffer an egregiously embarrassing data breach, but covering it up serves no one’s interests and has real world ramifications beyond the social networking site.
There were likely people who received a scam message, clicked the link within it, and entered their details without qualms. They may have dim memories of giving Facebook their phone number, but likely did not connect the data breach with the message.
But imagine if news hadn’t emerged that the leaked information was out there. Imagine none of us knew that data was scraped back in 2019, and had been traded among hackers. The healthy dose of skepticism with which we can treat such a message today would be lacking — and we’d be more vulnerable because of it.