Pages

Monday, 12 April 2021

The Facebook Leak: What to be concerned about?

 


In this post, I will show you how to see what data about you was leaked, and how it may be used to hurt you in a SIM Swap Attack, or Spam Calls or Spam Friend Requests and suspicious text messages.

Data was scraped from a bug in Facebook's Add Friend sometime in late 2018 or early 2019. Facebook patched the bug in August 2019. Some person, or persons, scraped the data and made it into files. Nothing is known about what happened after this. They probably tried to shop it around, found that it was too low return for potential customers. In April 2021, all the data was published online in RAR files. So now there is only a positive return on investment as the price of the data was $Free.99.

Now we're waiting to see what the fallout is from this.

The Irish Data Protection Commission asked Facebook about it, and Facebook told them to get fucked. The EU's GRPR homies, can't fine ol'Zuck as the issue was before it came into force. So Mark doesn't need to take time out of his course on "How to Drink Water like a Human" course.


What Data is in the file about you?

All the country files are here on this Archive Link: https://archive.is/MZqak

So you're number is in there. You can click the Ireland file, Unrar it, and you can open the file and search your phone number. Phone numbers generally don't change, but if you've been abroad for some time, then the data or country file to choose is where you were around late 2018/early 2019.

If you're on MacOS or Linux, you can open it on the command line with
    > cat 1.txt | grep 123YourNumber

If you're on Windows, you can open it with this command:
    > type 1.txt | findStr "123YourNumber"


The format of the file is PhoneNumber, ProfileID, FirstName, Surname, Gender, CurrentLocation, Hometown, something, Occupation, SomeDate, EmailAddress. So for me they have:

3538xxxxxxxx:1000002xxxxxxxx:Luke:Potter:male:::::6/23/2018 12:00:00 AM::

A fun thing to search for is the occupation "full time mad bastard", there's lots of those people.


Concerns: Spam Calls, Scam Calls and Premium Rate Number Calls

Attack Vector: Someone tries to trick you now that they have your phone number.

Mitigation: Don't answer calls from numbers that you don't reckonise, Block their country code in your Phone's app.


A number of years ago, the Premium Rate Number Calls was a thing. Where you would get a one ring call from a premium rate number and if you called it back, the scammer would profit through some reverse chargeback. Also your phone credit, if on prepay, or if not covered by bill pay, would be charged high rates.

Now that a global phone book exists, Spam Calls can be a little more targeted. Spam calls can be blocked.

Scam calls, with this targeted nature may trick some unaware people. Their goal here is to Phish you for information that then can be used to exploit you in other ways.

In have another post showing the scam calls and spam calls and showing how to block Country Codes, as most of my calls have been from 022 numbers. You can read that post here: Facebook Leak: Getting Spam Calls from 022 Numbers? How to Block them on Android.


Concerns: Spam Friend Requests

Attack Vector: Someone sends you a Facebook Friend Request, or Private Message, to get you to click a link.

Mitigation: Change your Privacy Settings. Don't click links from big booty bitches.


I've been getting lots of spam fried requests from Porn Bots. Some people may fall for this. Reject them and maybe mark them as Spam. If you see that they have mutual friends with the Porn Bot, then you should inform that person to remove the Bot. We're all in this together.

Their goal here is to get you to sign up for a risky porn site, enter some payment details. There's lots of people who pay for OnlyFans, so this is legitimate risk for idiots.

In Facebook, there is a setting to not allow Friend Requests from Everyone. It is in Settings & Privacy -> Privacy -> How can people find you and contact you. Then set it to Friends of Friends.



Concerns: SIM Swap Attack

Attack Vector: You use 2FA codes delivered by text message. You've identified yourself as someone with electronic goods that can be targeted.

Mitigation: Change everything to use 2FA codes delivered by an Authenticator App.


This will be a particularly targeted attack. If you are a high profile person, they are coming for you. If you've posted on and Social Media account about Cryptocurrencies, they are coming for you. Facebook Graph Search is powerful, so even if you have like a CryptoCurrency Page, or Post, they are coming for you. If you want to stay on top of Crypto news, maybe use a specific News Reader app. Then you won't need to see idiots commenting on Facebook about XPR Ripple being the best and about BitCoin Cash being Satoshi's Vision.

Dear Scammers, I don't HODL (I think the kids call it) and pesky Cryptos, I'd much rather get my arsehole raped off me by Inflation.

A SIM Swap attack is where the attacker will contact your phone carrier, impersonate you and get your phone number diverted to their SIM card. So they will get your text message authentication codes.

Check your Text Messaging App, to see if you have received any text message codes as part of a Two-Factor Authentication (2FA) login system. If they exist, you are open to a SIM Swap Attack. To close this vulnerability, go to the sites at the source of these messages and swap over to an Authenticator App, Google Authenticator is the best one available for iOS and Android. You can also backup your Authentication App Seeds for when your change your phone, otherwise you will need to open Support requests with the companies to get your 2FA Reset.


Concerns: Other Text Message Scams

Attack Vector: You are an idiot who'll click a link, any link.

Mitigation: Keep up to date with your country's Vaccine Rollout. Keep track of what you buy and be suspicious of any delivery company's think look off.


At the current time, the Pandemic of Covid-19, the attackers now have you phone number and can contact you to click a link to Track a Package, Jump the Vaccine Queue, or book your "Legitimate" Vaccine.

There's never really a need to click a Package Tracking Link, it'll be there when it'll be there. Unless you're Leonhart who almost kinda lost a 1st Edition Charizard.

In Ireland, someone magic will text you about your Vaccine. It's free in terms of financial cost. I spent 15 minutes on the HSE's site trying to figure out who'll text/call me, but it's going to be a mystery person.

You may have seen that there is software that allowed the Saudis to access Jeff Bezos's phone. This can be used on you. It is a low risk, as the software used was from some Isreali company and costs money.

Source: Jeff Bezos hack: Amazon boss's phone 'hacked by Saudi crown prince'.

Again the goal is either to exfiltrate data from your phone through malware, or to Phish you on a Web  Page.


Stay Safe out there homies.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.