Cybersecurity Newsletter - Issue 17
Keeping an eye on cyber news and threats
It’s not been a great week for social media platforms: two major data breaches have been reported involving Facebook and LinkedIn, and a combined total of over 1 billion accounts have been scraped and their data made available online. Let’s start with Facebook.
Data of 533 million Facebook users leaked online
Facebook is under scrutiny yet again after it was discovered that the data of 533 million users had been leaked online, including phone numbers, names, locations, email addresses and biographical information. Even Mr. Zuckerberg’s number was leaked.
It was all posted on a ‘low-level’ hacking forum for everyone to access for free. A spokesperson for Facebook said that the data was ‘scraped’ from Facebook due to a vulnerability that was patched in 2019, meaning the data is two years old, but how often do we change our contact information? Although it is a couple of years old, the majority of that information will still be relevant, with things like phone numbers and email addresses still in use. Our birthdays certainly don’t change, and our names are unlikely to either. All of this data can be used to launch phishing campaigns, steal identities and commit fraud.
11 million of those users were in the UK, and with 38 million people on Facebook in the UK that means around 1 in 3.5 people will have been affected. Although haveibeenpwned.com has added the leak to its database, only 2.5 million of the 533 million leaked user records contain email addresses, and haveibeenpwned.com only searches by email address. At present, without searching the data manually, there is no easy way of checking whether you are included in this breach.
500 million LinkedIn users’ data being sold online
Only days after the news about the Facebook data leak, it seems there has been another one of similar proportions involving LinkedIn. 500 million out of a total 740 million users on LinkedIn have had their details put up for sale online, which includes contact details, full names, workplace information, connections and more.
Two big data breaches in a week, yikes. That’s a lot of personal data out on the internet; combined with the Facebook breach, it’s highly likely that much of our personal data is now available online.
This information can be used in various phishing attempts, including spear-phishing (directly targeted phishing), in brute-forcing people’s accounts and even in identity fraud, so we need to be extra vigilant. Make sure you get 2-factor authentication set up on all of your accounts, watch out for suspicious messages and requests, and strengthen your passwords.
It also brings up the same old question of how much trust should we put in these companies when it comes to our data? I know my answer.
Fake Census form reminder
Most of you will have completed your 2021 Census already, and those that haven’t gotten round to it will start receiving reminders, but not just from the government, it seems. Cybercriminals are taking advantage of the Census now being done online and sending out fake reminders by text or email, directing victims to some very well-done fake Census websites. The fake sites (some of which you really can’t tell apart from the real one unless you check the website address) then ask the same kind of questions as the real form to gather your personal information.
The same kind of awareness and checks are necessary here as with any phishing: check for bad grammar, check the link provided (the real Census will be on a gov.uk domain), and remember that the government will send you postal reminders, not text or email.
You can find more on this, including images of the texts and a comparison of one of the fake sites, here.
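As an added illustration (not part of the original newsletter), here is one way to automate the "check the link" step in Python: it extracts the host a browser would actually connect to and accepts it only if it is gov.uk or a subdomain of it. The function names and the sample links are constructed for this example.

```python
from urllib.parse import urlsplit

OFFICIAL_SUFFIX = "gov.uk"  # from the newsletter: the real Census is on a gov.uk domain


def link_host(url: str) -> str:
    """Return the host a browser would connect to, or "" if there is none."""
    try:
        host = urlsplit(url.strip()).hostname  # drops "user@" and ":port", lower-cases
    except ValueError:  # malformed link, e.g. unbalanced IPv6 brackets
        return ""
    return (host or "").rstrip(".")


def is_gov_uk_link(url: str) -> bool:
    """True only if the host is gov.uk itself or a subdomain of it."""
    host = link_host(url)
    # Match on a whole-label boundary so "examplegov.uk" does not pass.
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)


# Constructed sample links (not taken from real messages).
SAMPLE_LINKS = [
    "https://census.gov.uk/start",              # on gov.uk
    "https://CENSUS.GOV.UK:443/start",          # case and port do not matter
    "https://census.gov.uk.example.com/start",  # gov.uk is only a prefix here
    "https://census.gov.uk@example.org/start",  # text before "@" is not the host
    "https://examplegov.uk/start",              # ends in "gov.uk" but is not a subdomain
    "census reminder, no link",                 # nothing to check
]


def triage(links):
    """Map each link to (host, verdict) for a quick review."""
    return {link: (link_host(link), is_gov_uk_link(link)) for link in links}


if __name__ == "__main__":
    for link, (host, ok) in triage(SAMPLE_LINKS).items():
        print(f"{'OK     ' if ok else 'SUSPECT'}  host={host or '-':32}  {link}")
```

A passing result only says the link points at a gov.uk host; it does not make the message genuine, since the government sends Census reminders by post.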
This week’s top tip – Password managers
Password managers or ‘vaults’ are a great way to keep your passwords strong and secure without needing to remember them all or write them down. All you need to remember is one ‘master’ password and the password manager remembers the rest.
Putting all of your passwords in one place may seem like a bad idea, but they are all strongly encrypted, and adding 2-factor authentication to your account makes sure only you have access. Besides, it’s better than the alternative of using the same password everywhere.
They can auto-fill passwords, generate random strong passwords and save new ones. They are a great way to make sure you don’t use the same password everywhere.
Which one you choose is up to you. Some offer free versions and some are paid, and a little research can help decide the best one for you. I personally use LastPass, but there are many other great password managers out there such as Dashlane, which tops the list on most tech websites.
That’s all for now, stay safe and see you next week.