Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
    • Best web hosting services
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Security » Facebook hack scams: Steer clear of shady leak checkers

Facebook hack scams: Steer clear of shady leak checkers

by Chris Stokel-Walker
8 April 2021
in Security
0
We uncovered a Facebook phishing campaign that tricked nearly 500,000 users in two weeks
23
SHARES
A raft of websites have been set up to check whether your data was compromised in the recent Facebook hack – but beware.

It’s the biggest cybersecurity story of 2021 so far, and a massive embarrassment for the world’s biggest social network. Facebook is fighting fires around the news that 533 million users’ information, including names, phone numbers and email addresses, has been leaked for free to all and sundry through a hacking forum. But what people need to be most conscious of is the range of follow-up scams that seek to capitalise on the fear such news can trigger.

The obvious question many people, including the 11 million UK and 32 million American users who are believed to be caught up in the massive data breach, will have is a simple one: is their data included in the massive dump of information? The answer is more complicated than you may think. Services that check through leaked or hacked databases have long existed, but cybercriminals are a canny bunch and know that there will be renewed, significant interest in people trying to find out whether they’ve fallen victim.

For that reason, there’s a need to be wary of any sites that profess to check your details against the Facebook database of 533 million users to ascertain if you’ve become a victim or not. They may in fact simply be honeypot scams looking to bring a new set of people’s data into their dragnet.

Finding reputable checkers is important

It’s a worry that many cybersecurity experts are warning about. Alan Woodward, a computer scientist at the University of Surrey, has warned that people could fall victim to fake sites claiming to check your details against the database. “Personally I wouldn’t trust some of the other ‘checkers’ out there,” he tweeted on April 6.

If you’re worried you may have been caught in the most recently discussed Facebook data leak, then @troyhunt has updated haveibeenpwned so you can check – personally I wouldn’t trust some of the other “checkers” out there but this one I do https://t.co/h2WFzDZahQ

— Alan Woodward (@ProfWoodward) April 6, 2021

Part of the problem is that the Facebook leak is so high profile that well-meaning actors are trying to help people understand whether they’ve been caught up in it, and are setting up websites that help, but haven’t got the established brand name of something like Troy Hunt’s Have I Been Pwned or CyberNews’s own personal data leak checker, which securely cross checks any information inputted against a database of more than 15 billion breached records.

Take, for instance, the work of two well-meaning researchers at Edinburgh Napier University, who created a similar site to Have I Been Pwned, called Have I Been Zucked? They allow users to input a phone number, email or name, and to ascertain whether they are included in the 533 million-strong database.

Myself and @su__charlie have indexed the entire Facebook 2019 data breach, containing 533M records, and made it searchable by phone number, email & name.

✅ Quickly confirm if your details have been exposed

❓ Have you been Zucked?https://t.co/Pq7SMJ6SkY

— Lloyd Davies (@LloydLabs) April 5, 2021

Transparency is important – but trust moreso

The two creators of Have I Been Zucked are aware that there are a raft of websites out there offering similar services – some of which may not be what they actually claim to be, and may not do what they profess to. Which is why they have posted a transparency page on their website, saying “It’s not in our interests to harvest your data, that’s not what this service is for.”

Yet that’s precisely what some scammers will be wanting to do.

In every cybersecurity breach, there’s a moment of alarm when people try to find out whether they’ve been caught up in the dragnet. Panic causes people to not think straight, and to take risks they shouldn’t.

You should always use reputable sources of information, and take every claim of transparency – even if it’s well meaning – with a hefty pinch of salt. If you do decide to input information into websites that aren’t well-established for being breached record checkers like CyberNews or Have I Been Pwned, then you should make sure you’re giving as little data as possible away. Don’t put in your phone number if you have the option of putting in your name. But most of all, try and stay away from fly-by-night services and stick with reputable sources you can trust.

Share23TweetShareShare
Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

500M LinkedIn user records sold on hacker forum
News

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

by CyberNews Team
6 April 2021
4

We updated our leak checker database with more than 780,000 email addresses associated with this leak...

Read more
LinkedIn, FB, Twitter, Clubhouse apps seen on an iPhone

Recent Facebook, LinkedIn and Clubhouse leaks explained

15 April 2021
Cheapest tool to kill satellites? A computer

Cheapest tool to kill satellites? A computer

13 April 2021
A gift to criminals and tyrants? Soon, wireless devices could become object sensors

A gift to criminals and tyrants? Soon, wireless devices could become object sensors

13 April 2021
“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

12 April 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
    • Best Web Hosting Services
  • Tools
    • Password Generator
    • Personal Data Leak Checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.
Subscribe For Security Tips And CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Our Privacy Policy and Terms & Conditions

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.