White pages of Italian mobile numbers: be careful because they continue to circulate online

Mobile phone numbers and other personal data collected at the time from Facebook pages continue to be disseminated and used online. These are the white pages that cybercriminals keep tapping into: here’s why. Around 36 million Europeans are involved.

Social platforms hold a priceless treasure: petabytes of users’ personal data. An incident like the one that happened to Facebook at the time of the Cambridge Analytica affair is a big deal, because cybercriminals can get their hands on information that is very useful for launching highly effective phishing attacks.

The news of the publication of 100 million phone numbers of users registered on WhatsApp with names and surnames (19 million belong to Europeans) dates back to April 2022.

As explained in the article, several online forums sell that data on the black market for varying amounts, and cybercriminals usually draw on it with both hands. Why? Because they can send scam messages to individual users and make them more plausible, since the potential victim’s name and surname, for example, are already known.

In April 2021 it emerged that a group of unknown persons allegedly stole the personal information of about 533 million users from Facebook.

The news caused a stir, and Facebook hastened to point out that the data relating to the 533 million users was not the result of a breach of the social network’s servers but the consequence of heavy, well-orchestrated scraping.

Scraping is the automated scanning of the content of the platform’s web pages, an activity that is prohibited but is nonetheless also carried out by some companies with high-sounding names (think of the 20 million euro fine imposed by the European Privacy Guarantor in March 2022).

The company, now owned by the parent company Meta, added that the data was reportedly harvested around September 2019 by taking advantage of the feature that allowed users to import friends into Facebook.

This tool still exists today (Load contacts), but Facebook assures that in 2019 the company’s technicians removed the bug that allowed the extraction of a certain amount of information from the profiles of registered users.

What did the attackers do until September 2019? They uploaded a long list of mobile phone numbers to check which Facebook profiles they corresponded to, and then extracted public data such as first and last names, identifiers, geographical locations, email addresses, telephone numbers, marital status and more. These are the data found in the files made public by unknown persons since April 2021.

The event immediately provoked the reaction of the European Privacy Guarantor, which published an important provision.

Why are we still talking about the incident that affected Facebook in 2019 and led to the publication of the data of 533 million registered users (excluding passwords, financial and health information), of which about 36 million are Europeans?
Because in the last few months increasingly aggressive and well-crafted phishing campaigns have been reported from many quarters, arriving in the form of messages, often SMS, sent to users’ mobile devices.

It is obvious that by knowing the telephone numbers, names and surnames, occupation and geographical location of potential victims, cybercriminals can craft attack attempts that appear more convincing.

In this regard, we point out a nice quiz to recognize phishing and the article in which we explain what a URL is and how to discover the dangerous ones.

Even the database mentioned in the introduction, containing the data of 19 million European users registered on WhatsApp with names, surnames and telephone numbers, could be the result of a reworking of the file released online starting from April 2021.

To defend yourself from those who carry out scraping, i.e. the large-scale collection of information on Facebook, it is essential to access Facebook as a non-registered or incognito visitor to check what information you are sharing publicly. As a general rule, you should keep the personal information you present publicly (that is, to unknown people and friends of friends) to a minimum.

White pages of European mobile numbers

In addition to the “targeted” phishing attacks that are increasingly aimed at European users, there are some websites that allow you to discover the link between a person and the corresponding mobile phone number.

The fact is that the files containing the data of the 533 million Facebook users are still easily available on the Internet today: as is well known, once a piece of content appears on the BitTorrent network it is practically impossible to stop its distribution.

As we have seen in the article dedicated to the qBittorrent client, as long as there is at least one peer in possession of the file, it can remain available to any interested user.

The Privacy Guarantor immediately warned “anyone who has come into possession of the personal data deriving from the violation, that their possible use, even for positive purposes, is prohibited by the privacy legislation, as this information is the result of unlawful processing”. In other words, the reuse of information relating to Facebook’s 533 million users is strictly prohibited at all levels.

However, the oxen have long since escaped from the stable, and even if it hasn’t been talked about recently, it’s highly probable that cybercriminals are using the data published in April 2021 to set traps and plan targeted attacks.

This image (source: Bleeping Computer) shows an example of the structure of the stolen data.
A simple Linux command like the following would be enough to extract the phone number of any person from the files compiled after the scraping activity on Facebook:
grep -Ri ./file.txt -e "name surname"

Alternatively, typing a command like the one below could potentially extract all the data relating to a user registered with Facebook (in the image released by Bleeping Computer it can be seen that the second field is the Facebook ID):
grep -Ri ./file.txt -e ID_Facebook

Suppose an attacker wants to extract data and, above all, find the telephone number of a person registered on Facebook: after visiting the profile, they would only need to press the key combination CTRL+U, then CTRL+F to start a search, and finally type userID.

To the right of the string userID the user’s Facebook identifier is shown: substituting it for ID_Facebook in the previous command makes the phone number of the identified person appear.

Instead of the name and surname, it is even possible to extract all the users, together with their telephone numbers, who reside in a certain location, work for a specific company or carry out a certain activity.

Even after some time it is therefore essential to understand the extent of the problem and be aware that those 533 million records from Facebook can still be used today to do damage.

It is worth highlighting that, according to the experts’ analysis, those who had never provided a phone number to Facebook are probably not present in the “leak” of April 2021. Once again, therefore, users too can and should always follow a principle inspired by that of data minimization provided for in the General Data Protection Regulation (GDPR): it is advisable to avoid sharing more data than is expressly required for the activation of a service or for access to it.

At the time, a group of European developers had created and launched the site HaveIbeenFacebooked to let users find out whether their telephone number and other personal data had been stolen from Facebook. Following the provision by the Privacy Guarantor mentioned above, the authors of HaveIbeenFacebooked closed the service.

However, you can always use Have I been pwned to check whether your telephone number and other data “looted” from the public page of your Facebook profile are present.

We have already talked about the history of Have I been pwned: the author, Troy Hunt, obviously came into possession of the 533 million records coming from Mark Zuckerberg’s social network but, since his service falls under a different jurisdiction, he decided to continue with its activities, which are in any case very useful.

By entering your mobile phone number, including the country code +39, in the search box on Have I been pwned, you can find out if your data is in the Facebook leak containing 533 million records.

The appearance of the message “Oh no – pwned!” and of the sentence “Facebook: In April 2021, a large data set of over 500 million Facebook users was made freely available for download” confirms that your data, including the telephone number, is published in the files that continue to circulate on BitTorrent and on other channels. A check is nevertheless appropriate, also because at the time Facebook declared that it would not send any notifications to users.
