With a series of data breaches hitting the social networking site Facebook and the world’s largest professional network LinkedIn, it is difficult to determine if your sensitive data has been compromised or not.
The National looks at recent leaks and explores potential tools to find out if your digital identity is safe.
Facebook and LinkedIn leaks
The data of more than 533 million Facebook users resurfaced on an online hacking forum on April 3. The data, which was first leaked in 2019, included millions of files containing users' personal information.
On Tuesday, data from more than 500 million LinkedIn profiles was put up for sale on another hacker forum, according to CyberNews, an online publication.
"It is unknown whether the [LinkedIn] leak data is new or old … it may not be a leak at all but rather a bot that has scraped the information and built a massive database," Morey Haber, chief technology officer and chief information security officer at Georgia-based BeyondTrust, told The National.
Have I been pwned
Users can check if their email addresses or phone numbers are part of the data leaks within a few seconds by logging into haveibeenpwned.com.
"Data breaches are rampant and many people don't appreciate the scale or frequency with which they occur," Brisbane-based security researcher Troy Hunt, who runs HIBP, said.
"There’s rather a lot of leaked data floating around at the moment."
The primary value of the recent Facebook data breach is the association of phone numbers to identities, HIBP said on its website.
"Each stolen record include phone number but only 2.5 million contained an email address. Most records contained names and genders with many also including dates of birth, location, relationship status and employer," it added.
Facebook has no plans to notify half a billion compromised users
Though Facebook admitted that the recent resurfacing of leaked files dated back to a 2019 incident, the company is not planning to notify the users’ whose details are stolen.
The California-based company said malicious actors obtained this data not through hacking its systems, but by scraping it from its platform prior to September 2019. Scraping is a common tactic that often relies on automated software to lift public information from the internet.
"We have teams dedicated to addressing these kinds of issues and understand the impact they can have on the people who use our services," it said in a statement.
What experts advice?
Facebook users need to take "control and ownership" of their online identity, Sam Curry, chief security officer at Boston-based cyber security firm Cybereason, told The National.
"Consumers should check their credit card bills regularly, run a credit report, monitor their credit and consider putting a voluntary freeze on their credit."
"If something is free ... remember that consumers are most likely the product, not the customer. Many consumers might not value their behavioural and personal data, but someone else values it enough to pay for it," he added.
Industry experts said while some platforms promote the verification for users to confirm if their identities were compromised, but its scope is very limited and sometimes the process could be "malicious".
"Tools like HIBP will allow you to search if your email address has been associated with a breach ... [but] not all breaches involve email-addresses as part of the criteria exposed, which is true in Facebook’s case as well," Ammar Enaya, regional director for Middle East, Turkey and North Africa at cyber security firm Vectra AI, said.
Italian and Irish agencies started probe
An Italian privacy watchdog has started a probe against the Microsoft-owned LinkedIn following the leak. The regulator warned that anyone getting hold of such data and using it could face sanctions.
Ireland’s privacy authority said it was looking into Facebook breach.