Attention, Australia: You’ve just been Zucc’d!
Over the long weekend, when much of the world was gorging themselves on choccy rabbits and getting drunk over Easter dinner, online hackers published the private information of 533 million Facebook users. This data, which includes phone numbers, account IDs, full names and physical locations, is enough to expose millions of Aussies big time.
A total of 7.3 million Aussie Facebook accounts have been included in the breach. That means almost a third of the whole country is now vulnerable to low-level hackers looking to exploit their information online.
The leak was first spotted in January by Alon Gal, co-founder of the Israeli cybercrime intelligence firm Hudson Rock, who discovered an automated Telegram bot that was selling sensitive data in online forums.
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,” Gal said in a Twitter thread.
While avoiding these hackers sounds straightforward – don’t open any suspicious text messages and monitor for any unusual email activity – the situation is a lot more dangerous than it seems.
Now, anyone with (at least) two brain cells and an internet connection can search for your data online.
To understand the scope of the problem, I used a third-party website to check if I had been Zucc’d. Unsurprisingly, my private and personal information has been included in the Facebook data breach. That probably explains why I got an automated call yesterday telling me there is a warrant out for my arrest. I promise, there isn’t.
As someone who has studied the inner workings of social media over the past year, I believe Aussies should take this breach extremely seriously.
There are a few scenarios that help highlight the issue at hand. For example, if a hacker were to gain access to an email account, they might be able to log into private accounts by using password pairing. Anyone with Google access can type “100 most common passwords” and log in to your accounts.
So, anyone with simple passwords like ‘password123’ or ‘ILoveRobertPattinson’ should consider changing their password or using password-managing software. By updating your password and taking measures to protect your email, you can seal shut the Pandora’s box of cybercrime that would-be hackers so eagerly await.
In another situation, a hacker may use ‘smishing,’ or SMS texting and phishing, where they disguise themselves as a reputable company and encourage people to share private passwords and/or credit card numbers. Also, these bad actors may spread malware and unsafe links via text messages.
Of course, most people attribute this kind of behaviour to their grandparent who opens random links on their iPad and sends their bank details to any person who asks. However, this really can happen to anyone.
Just the other day I was sent a text from a hacker disguised as an official Netflix account asking me to enter my credit card details. While this seemed unusual, the text message was well-disguised and appeared legit. After doing some more research on the Netflix website, I discovered that I was indeed being scammed.
If a person with above-average media literacy can nearly fall for a fake, imagine the millions of people who may soon find themselves in the same situation.
From now on, I will no longer open any links via text message without doing some research first. While double-checking everything seems like a whole lot of effort, it really is necessary to protect ourselves from the Facebook data breach and similar incidents.
The potential harm of this data leak should warrant an official statement from Facebook, at least to let people know that they could be at risk. A spokesperson for the company told Business Insider over Easter that the data was scraped through a vulnerability which they claimed to have fixed back in 2019. However, three days since the information was made public on hacking forums, Mark Zuckerberg himself has remained quiet.
While cybercriminals continue to rejoice in the data leak, real people are bound to be affected. Although we cannot put the data genie back in the bottle, we can teach people how to protect themselves online in future.
Ultimately, the rules are simple: Change your passwords, update your information (perhaps use a fake birthday), and always double-check to see if you’ve been Zucc’d.
Tatiana Carter is an Australian-based misinformation and disinformation expert who tackles the spread of false information on social media.