The file of 533 million Facebook users circulating among web hackers reminds us that in the digital age, you have to be sparing in exposing your data and careful when an email or SMS that seems to know you well asks you to click on a link.
The site haveibeenpwned.com allows you to find out if your phone number or email address is in the databases exchanged by hackers. It is known to be reliable among cybersecurity professionals.
Likewise, the French site Zataz.com offers a paid monitoring service for individuals.
But it is important not to trust just any site and give it information … which will then be sold.
Jean-Jacques Latour, head of expertise for the personal assistance site cybermalveillance.gouv.fr, is a little dubious about the real usefulness of the information produced by a site like haveibeenpwned.
“There is no guarantee of completeness” and “it may scare you for not much”, he believes.
In any case, if you had entered your phone number on Facebook before mid-2019, you are most likely part of the 533 million Internet users – nearly 20 million in France – whose data has been hacked, and partly published on a hacker forum last weekend.
As it is, you risk nothing – but watch out for any misleading messages you might receive.
“The trap that we can expect is to receive a fake SMS saying ‘hello this is Facebook, we detected a weird connection on your account’ and asking you to click on a link”, explains David Sygula, analyst at CybelAngel (which tracks data breaches on behalf of companies).
“You don’t ask yourself a question, you click on the link … and you are trapped”, with the risk of being robbed of sensitive information – passwords or access codes for example – or of having spyware implanted on your device.
According to David Sygula, the Facebook file includes phone numbers, but on the other hand few email addresses – around 111,000 for France, or 0.5% of Internet users appearing in the file – so the email bomb attacks are already a bit less likely.
No. The ‘Facebook file’ “is nothing compared to the mass of stolen data that hackers are constantly exchanging or reselling”, notes Damien Bancal, the host of the Zataz.com site, which specializes in infiltrating underground data exchange networks.
“Last night, in four hours, I was able to access more than 150 different databases,” giving private information that is sometimes very well segmented, he explains.
“I have a shop that sells vehicle owner data: names, first names, addresses, license plates, vehicle registration data,” he says, for example.
Prices vary according to the size of the files, the degree of confidentiality of the information they contain, and how fresh they are.
Email addresses ultimately sell very cheaply, from “a few cents per email address up to a few hundred euros for the pack of 15 to 20 million addresses”, estimates Damien Bancal.
“An email address list of 40,000 company boss addresses (…) can be worth 500 to 1000 euros,” says David Sygula.
The basic principle is that any information that is entered on a site or a social network, even a trusted one, can one day be exposed.
“You have to give your information sparingly,” explains Damien Bancal.
He recommends using several different email addresses, for example one per area of life: health, family, school, work, press and forums … which can then be grouped together on a single platform using tools like Thunderbird.
In general, “you have to avoid spreading your life on the internet because the internet forgets nothing,” recalls Jean-Jacques Latour. “Avoid giving your email address if you don’t need to put it, or create ‘trash’ email addresses”.