Brinztech Alert: Facebook Data of Israel are Leaked

Dark Web News Analysis

A threat actor on a known cybercrime forum is claiming to have leaked a database that they allege contains the data of Facebook users in Israel. According to the post, the compromised data includes sensitive Personally Identifiable Information (PII), such as full names and phone numbers. ¹  

This claim, if true, represents a significant data breach that places a large number of Israeli citizens at risk of highly targeted fraud and social engineering. A database that links real names to phone numbers is a powerful tool for criminals, who will undoubtedly use it to launch widespread smishing (SMS phishing) and vishing (voice phishing) campaigns. Given the geopolitical context, a dataset of this nature could also be a valuable asset for state-sponsored actors for intelligence gathering or to conduct targeted disinformation campaigns.

Key Cybersecurity Insights

This alleged data breach presents a critical and widespread threat to Israeli citizens:

• A Toolkit for Mass Smishing and Social Engineering: The most direct and immediate threat is the use of this data for large-scale, targeted text message and phone call scams. With a list of Israeli phone numbers and associated names, criminals can automate and send millions of fraudulent messages that impersonate banks, government services, or other trusted entities.
• Potential for Geopolitical Targeting and Disinformation: A database of a nation’s citizens is a valuable asset for foreign intelligence services. This information can be used to identify targets for more sophisticated attacks or to launch targeted disinformation campaigns designed to sow social or political discord.
• High Risk of Account Takeover Attempts: While the leak may not contain passwords directly, phone numbers are a key component for account recovery on many platforms. Attackers will use this data to attempt to take over Facebook and other linked online accounts through social engineering or by exploiting insecure account recovery processes.

Mitigation Strategies

In response to this threat, all Facebook users in Israel should be on high alert:

• Launch a Nationwide Public Awareness Campaign: The Israeli National Cyber Directorate (INCD) should issue a widespread public service announcement. This campaign must warn citizens about the high risk of fraudulent text messages and phone calls and provide clear, actionable guidance on how to identify and report these scams.
• Enable the Strongest Form of Two-Factor Authentication (2FA): All Israeli Facebook users must be strongly urged to enable 2FA on their accounts. It is highly recommended to use an authenticator app for 2FA rather than SMS-based codes, as this provides better protection against potential SIM swapping attacks.
• Review and Harden Facebook Privacy Settings: Users should be advised to immediately review their Facebook privacy settings. In particular, they should limit who can see their phone number and other personal contact information to prevent this data from being scraped from their public profiles in the future.

Secure Your Organization with Brinztech As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.

Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com