Facebook's 533M accounts leaked online and what does it mean for crypto users

[sujonali1819]

Yeah, I heard about it and still hearing/seeing some article shared on Facebook. This news again warn people to always care about the social medias. These type of things/news help people to reduce their trust on online. And this affect much the crypto world and online backing system IMO.

One side Facebook are forcing their users to use real details and contact on the other hand hackers are stealing the real information and publish it pluckily. That's really bad to hear.

Some suggestions to the crypto users.

1. Don't use real Facebook account to discuss or sharing something about crypto
2. Don't hold you password/private keys in Facebook message.

[jseverson]

Small-ish late-ish update: Facebook apparently addressed this the other day in their blog:

On April 3, Business Insider published a story saying that information from more than 530 million Facebook users had been made publicly available in an unsecured database. We have teams dedicated to addressing these kinds of issues and understand the impact they can have on the people who use our services. It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019.

It didn't mention any plans on informing their users, but it does say they have a dedicated team working to take the dataset down. Good luck with that lol.

[DdmrDdmr]

Following a similar line, 500 million LinkedIn account records are up for sale (for a price that is not too steep) on these type of hacker sites, 2M of them being downloadable as proof for a couple of bucks. The enclosed information included, amongst other, the full name, email, phone number, some professional data, and links to other social media accounts. It is not clear though how recent that data is.

Again, from a cryto point of view, the most obvious mayor risks are targeted sim swaps or phishing campaigns that could be performed by a hacker who knows before hand which profiles work in crypto-related firms or environments (allegedly not derivable from the hacked data itself). Mass phishing email/sms campaigns may hit the jackpot, but targeted attempts on certain profiles could render decent results if people are not careful enough.

See: https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/

[hatshepsut93]

If you're practicing good security habits like using different emails and passwords for different accounts, using 2FA, not talking about your crypto publicly, then even if you got pwned, your money is safe. Events like this should be a wake-up call for people with poor understanding of basic security, and this forum has plenty of good guides for beginners, so use the search function and read them up.

[lovesmayfamilis]

Following a similar line, 500 million LinkedIn account records are up for sale (for a price that is not too steep) on these type of hacker sites, 2M of them being downloadable as proof for a couple of bucks.

See: https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/

For some reason, I'm not surprised. This proves once again that social media is evil. Who will be next? Exchanges? Hackers easily break into social networks, all information about users is no longer their property.
Today, privacy is becoming a big problem, it is difficult to become completely invisible on the web. Therefore, you need to divide your life into the one that exists offline, and the one that is on the Internet. New name, new data. A parallel world, looking glass.

[Quickseller]

It didn't mention any plans on informing their users, but it does say they have a dedicated team working to take the dataset down. Good luck with that lol.

I don't think they are trying to take the dataset down (once it is in the public domain, it will always be out there). I think they are trying to find ways in which information can be leaked from Facebook.

The biggest risk of the leaked information is that a thief will try to port your phone number to hack your accounts. This can be mitigated by not using SMS 2FA, and use a token based 2FA, such as google authenticator. It is possible that additional information will be combined with information from this leak that might lead to useful information about you. If this is a problem, it is too late now, but moving forward, you can use unique email addresses for each service you sign up for.