Could someone elaborate on what the worst-case exploit would be for those numbers that got leaked? What would a scenario look like? Asking for a friend whose number got exposed...
It's still going to be a scam message, but they can use your Facebook ID to see everything public on your profile now, as well as the other fields in the leak like full name, location, bio, birthday. So whatever the most convincing scam message somebody can come up with is combining all of that data. Off the top of my head, "happy birthday here's a gift from us" messages from companies leading to phishing pages and personalised fake register to vote pages relating to upcoming elections in your area.
It's not really new data, it's just that scam SMS I've received in the past has never shown any sign of knowing anything other than my phone number. Now you can buy phone numbers and pull personalisation data unrestricted from your copy of Facebook's database for each of them. I'm sure sophisticated scammers already were, but now everyone will.
My university is known to offer the option of payment of tuition through a popular online system.
This option is done by sending each student, at the start of the year, an SMS with a link to a payment option.
Suppose you can get a list of people studying there, their names, and their phone numbers. Faking this SMS and putting a payment that goes to you instead of uni would be a nice way to earn about 2000 euros per student who falls for it.
> My university is known to offer the option of payment of tuition through a popular online system. This option is done by sending each student, at the start of the year, an SMS with a link to a payment option.
They don't email this information? They don't put it on an online notification system? I have no idea why SMS seems like the logical option for this.
If your phone is your 2FA, someone uses this data to target you for a SIM swap to take over your phone, and then uses it to take over high-value accounts.
What some spammers do in my country, for example, is call old people and pretend their (grand/)children were involved in an accident and ask for money for quick interventions (the hospital is out of funds, bla bla). It's sometimes hit or miss 'cause the person might be next to them, or they just talked, or sometimes they can't figure out if you have a daughter or a son etc.
With a correlated leak like this, it's super easy for me to find your profile, see who you are, what you look like, even from just your profile picture I could potentially see you have a daughter yourself, so I can target your mother that something happened to her granddaughter and you, which would make her pay up even faster possibly.
mcintyre1994|4 years ago
muzani|4 years ago
rocqua|4 years ago
SketchySeaBeast|4 years ago
vimax|4 years ago
ThalesX|4 years ago