Bitcoin Forum

I'm sure majority of you have heard about the recent Facebook accounts being leaked online, 533 million Facebook users’ phone numbers leaked on hacker forum (https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/).

https://i.imgur.com/ZZDEewm.png

And for those crypto users who has a facebook account, this might be damaging as these criminals might used your email and your phone numbers as a mode of entry for phishing and other point of entry.

You can used https://haveibeenpwned.com/ to check if your email has been compromised. But what's damaging is the phone numbers itself. So if ever you received emails or even text messages from unknown sources, do not click or better deleted it. You don't want to be the next victim as cyber criminals is all over now.

Don't use social media platforms. Apply it to all social media platforms, not restrict to Facebook.  :)

If you use Facebook

• Don't upload your personal images
• Don't talk about bitcoin, cryptocurrency on your Facebook (in status, shares, etc.)
• Don't upload any screenshot of your portfolio, past trades, balance, etc.

Beyond Facebook, general advice for crypto enthusiasts

• Use non-custodial wallets and don't store your cryptocurrency on exchanges longer than what you need
• Don't store backup of your wallet file, private key, mnemonic seed, password on any online services. Store them off-line

I think this happened like a week ago, it is not a surprise for me because any platform users are providing their data, the data can be leaked, it can happen to Facebook today and later Twitter might be the next target. That is why we need to know the data we are uploading online.

But Facebook itself is not a secret media, almost all data on it can be seen by people that enter another person's profile without the data leak, Facebook has been a platform scammers do check Facebook users profile, all to know is if someone is rich or not, the scam on Facebook messenger starts from Facebook, if you are rich, you will see an unknown person that will message you. If you are rich or not can be seen from the photos you share on Facebook.

To have privacy, do not use Facebook, because Facebook is a data leak on its own. Not only Facebook but all social media.

Yes, someone made that information public a few days ago, but it's data that was hacked back in 2019, and so far has mostly been sold on various forums - similar to what was the case with the Ledger database. There is no doubt that this will result in mass spam, not only to e-mail, but also to mobile phones via calls and messages. As for spam e-mails, they are already part of everyday life, but calls and text messages can be quite irritating.

If you can't just change your mobile number, I suggest you look for the option to block calls and SMS from all unknown numbers, most smartphones support this option without some additional apps.

I thinking changing your password most often should be one of the protecive measures to safeguard your account from Intruders. Most spam messages from our email are attempts to hack into our account. And any form of successful attempt would cause serious damage on the person's entire document

This is a not so subtle reminder that information you give to public platforms, like social medias and centralized exchanges should be considered public information as they can be leaked, hacked, presented to government officials for "investigations" and are usually never truly deleted from the internet.

Always take security precautions when using the internet;
• Do not pass through KYC process on random platforms,
• Do not resuse emails or mobile numbers to register on multiple platforms,
• Keep your investment portfolio out of social networks.

The use of this database is generally going to be through mass email campaigns, targeting a large segment of the DB rather indiscriminately. Since the initial DB has been apparently around for around a year and a half, it’s highly likely that many accounts have already received emails using that DB as a source, with multiple pretexts.

What could be a more targeted subtle potential approach is for someone to use the information in the DB, knowing what specific accounts he wants to target. For example, someone could see an account or set of accounts that talk about crypto, go to the BD, and retrieve the phone (+name+date of birth) to try to perform a sim swap, or a more targeted phishing attempt.

Major part of Facebook crypto users have fake accounts with half naked woman as a profile picture, to get more friends and receive more stakes from bounties. I don't think they will be worried much about this leak. They also use "get-free-SMS" services to verify Facebook accounts, plus free emails. So I think they don't lose much.

Let me I add a big AMEN to what you wrote.

Social medias are a huge market of users personal data : users give them away for free and they make huge profits that most users don't even have a clue about their order of magnitude....and, as if that were not enough, they are not even able to protect them from hacking.
I personally use them with fake datas, zero personal info and only secondary email addresses from the ones I use for everyday purposes.

Facebook is already an effective medium for online social interactions, which then also is helpful for gaining both personal popularity and project engagements. Regardless of being used personally or exclusive for a certain reason, Social Media apps is a great tool to both learn and share ideas. Hence, many people, even crypto enthusiasts, would still use it.

Also, there are accounts on social media websites that are open to public. Meaning, people can view their personal information due to their privacy not being modified well. This can easily be prevented by simply making your account private and only visible to people you are adding first. This info leaks often were from scraped data. Therefore, even if your data is leaked, chances of being really hacked with your financial accounts and personal social media credentials is little, as long the security on your behalf is strong.

Now I understand why I receive these text messages even though I don't sign my # to any website except facebook.

Why is it that facebook didn't mentioned this? they don't want their users to know what happened and those people that are not into cyber security, this don't matter a lot to them.

Oh no, I have been pwned! :o

One of my throwaway account used for social media login shows that it was reported on 3 data breaches and no pastes which means I am at risk now. ???

is this the reason why there are Tons of Facebook account now whos Posting Shit posts about some S3x Scandals? but I'm sure those are not about the scandal instead a Phishing links?

I was thinking about this since the other day because it looks like even in the groups i am with there are tons of posters with the same topic but different accounts

And now Have I Been Pwned has added search for leaked Facebook phone numbers:


https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/

So for those who are in doubt, they can try this service and see how it goes.

Not really. You'd likely receive more business proposals from Nigerian princes and long-lost "relatives" but other than that, you should be fine.

That is, unless you've been using the same passwords for over a decade now.

I advise you to change the password on your FB and also if you use that password for other accounts, change it.
Never open messages from unknown users and specifically do not click on any links within these messages.
Also do not answer calls from unknown people and do not open messages from unknown people and you will be fine.

Nope, the leak only contained personal information you gave to Facebook (Contact info, name, etc..); accounts themselves shouldn't be compromised unless victims are somehow phished, and there are no reports of that happening (yet).

What you're encountering are very likely troll/bot farms that operate on Facebook.


Probably because this was the same dataset that was leaked in 2019 (https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/). I absolutely agree that they should at least reach out to those who were affected, but knowing how most people on Facebook have zero sense of privacy, majority probably won't care lol.

A somewhat strange question? Then tell me why publish your photos on the Internet at all? I don’t know how much everyone is aware of such information that if a photo gets on the Internet once, then it will never be removed from there. Everything remains in the memory. If, after a lapse of time, someone wishes to change or erase their information, it will be unsuccessful.
What should Facebook users do? Change passwords, do not register with your data, do not post photos, etc. All social media are evil. In our time, it is becoming more and more difficult to have the right to confidentiality, and those who regularly publish information about themselves, and subsequently suffer from any scammers, should only blame themselves for this.

What is even more worse is there are people, and they are many, I know who use to post also pictures of their little underage children who may or may not agree to be fully online when they have reached a maturity of thought such as to exercise free will. And this decision their parents are taking now on their behalf is irreversible as you correctly pointed out.
It happened to me as well to be taken in pictures then posted online, in friends social media profiles, while I have been in the company of friends who have an unhealthy habit of publishing their lives online and without being asked for consent as if it were the most natural thing in the world and I find it really disturbing; and when I point it out they deal with me as if I was the weird one.

I don't even know the password but surely I will change the password soon and I am sure that I didn't use that kind of passwords for my primary emails and other stuffs where money involved.

And also I blocked every calls coming from someone who is not in my contacts so the hackers has very less chance though. ;D

Yeah, I heard about it and still hearing/seeing some article shared on Facebook. This news again warn people to always care about the social medias. These type of things/news help people to reduce their trust on online. And this affect much the crypto world and online backing system IMO.

One side Facebook are forcing their users to use real details and contact on the other hand hackers are stealing the real information and publish it pluckily. That's really bad to hear.

Some suggestions to the crypto users.

1. Don't use real Facebook account to discuss or sharing something about crypto
2. Don't hold you password/private keys in Facebook message.

Small-ish late-ish update: Facebook apparently addressed this the other day in their blog:


It didn't mention any plans on informing their users, but it does say they have a dedicated team working to take the dataset down. Good luck with that lol.

Following a similar line, 500 million LinkedIn account records are up for sale (for a price that is not too steep) on these type of hacker sites, 2M of them being downloadable as proof for a couple of bucks. The enclosed information included, amongst other, the full name, email, phone number, some professional data, and links to other social media accounts. It is not clear though how recent that data is.

Again, from a cryto point of view, the most obvious mayor risks are targeted sim swaps or phishing campaigns that could be performed by a hacker who knows before hand which profiles work in crypto-related firms or environments (allegedly not derivable from the hacked data itself). Mass phishing email/sms campaigns may hit the jackpot, but targeted attempts on certain profiles could render decent results if people are not careful enough.

See: https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/

If you're practicing good security habits like using different emails and passwords for different accounts, using 2FA, not talking about your crypto publicly, then even if you got pwned, your money is safe. Events like this should be a wake-up call for people with poor understanding of basic security, and this forum has plenty of good guides for beginners, so use the search function and read them up.

For some reason, I'm not surprised. This proves once again that social media is evil. Who will be next? Exchanges? Hackers easily break into social networks, all information about users is no longer their property.
Today, privacy is becoming a big problem, it is difficult to become completely invisible on the web. Therefore, you need to divide your life into the one that exists offline, and the one that is on the Internet. New name, new data. A parallel world, looking glass.

I don't think they are trying to take the dataset down (once it is in the public domain, it will always be out there). I think they are trying to find ways in which information can be leaked from Facebook.

---

The biggest risk of the leaked information is that a thief will try to port your phone number to hack your accounts. This can be mitigated by not using SMS 2FA, and use a token based 2FA, such as google authenticator. It is possible that additional information will be combined with information from this leak that might lead to useful information about you. If this is a problem, it is too late now, but moving forward, you can use unique email addresses for each service you sign up for.