Personal data of more than 2.4 million Portuguese people were hacked and exposed freely on the dark web: the obscure part of the internet, unreachable through common search engines and widely used by organized crime.
Names, mobile phone numbers, email addresses, places of work and residence, and marital status are some of the data that were leaked into a single file. According to Expresso, this file contains the unique Facebook user identifier. The creators of this document that remains available from the dark web.
The authorities are already recommending that people change their password and adopt two-factor authentication on Facebook and other social networks. In this way, the user is warned whenever there is suspicious access to the account.
The information can be useful for copying cell phone SIM cards, spreading malicious code, or attacks using forged e-mails, messages or SMS.
"We believe that these data are old and were obtained from a flaw that we eliminated in August 2019," Facebook said in reaction to the data leak.
Through the social network's communications it is possible to find an association between the flaw that Facebook says it eliminated and a complaint filed with the Portuguese authorities in January 2021. The complaint targeted the leaders of a Portuguese startup called Oink and Stuff, which develops extensions for Google Chrome and Microsoft Edge.
According to Facebook, Oink and Stuff developed extensions that made it possible to collect personal data from Internet users from their Facebook accounts. At stake are four extensions (Web for Instagram plus DM, Blue Messenger, Emoji Keyboard and Green Messenger) that extracted, without any warning, personal data of users when they connected to Facebook.
It remains to be seen whether there is a relationship between Oink and Stuff extensions and the data leakage of 2.4 million Portuguese, writes Expresso.
Oink and Stuff is not the authorities' only suspect. The National Data Protection Commission (CNPD) is also looking into a data leak affecting 214 million people using Facebook, Instagram and LinkedIn.
At its origin was an attack on a Chinese company specializing in small games, made available on social networks: SocialArks.
While suspicions are not resolved, users are advised to pay attention to calls from unknown numbers and avoid providing personal data; avoid links or attachments in emails sent by strangers; avoid downloads disseminated by user groups; and as already mentioned, change the passwords for social networks and adopt two-factor authentication.
Daniel Costa, ZAP //