Facebook in April announced a leak of 533 million records. The data available to cybercriminals included emails, phone numbers, birthdates and more. Read on to find out if your personal data has been leaked and what to do about it. Even if you don’t use facebook your friends do!
The popular social media channel Facebook is an obvious target for cybercriminals. In April 2021, the company announced a leak of 533 million Facebook records. It’s one of the largest known data leaks, and you could be affected. Here’s what you need to know.
Facebook has confirmed that hackers posted information including:
- users’ Facebook ID;
- phone numbers;
- birth dates;
- some email addresses;
- relationship statuses;
- bio details.
Gained in a 2019 data leak, the information was dumped into a public database online, one available for free on an underground website frequented by cybercriminals.
The tech giant says it patched the vulnerability in August 2019. The methods of the leak of nearly a quarter of its client base’s data haven’t been verified. Still, it’s thought criminals misused a legit Facebook function to mine and harvest data.
Was Your Data Leaked?
There is no easy way to know. When a business is hacked it typically sends a notification letting you know. But this isn’t guaranteed. And you can’t go in and check the Dark Web. It is difficult to find and dangerous to access, and that’s why the bad guys like it. You can also navigate to https://haveibeenpwned.com to see if your email address or phone number is on any data breach files (Spoiler alert it is).
Even, if you’re not sure if you’ve been a victim of a data leak, you’ll want to take action. You might decide to opt out of Facebook entirely. Just know, it’s not that simple. Once the information is exposed, it’s out there for keeps.
Still, there are several smart strategies to follow immediately.
#1 Limit Your Facebook Sharing
It is simple to share on Facebook, and that’s part of the fun. You need the world to know you are “Facebook official” or newly single, or you share the pictures of your wedding day or anniversary, or of your new pet. You’re filling in family and friends about your life, right?
Well, if you are using any of that information to create access credentials, you are sharing too much. Someone with a beloved cat called “Petunia” in every photo that uses the feline’s name as a password gives hackers an edge.
You might think you are sharing harmless information, but those birthday party photos posted on the big day are a clue to your identity that hackers can exploit.
This is where your friends come in as well even if you don’t use facebook yourself you are still connected to someone that does use facebook and their lack of security puts your security at risk too.
#2 Use Unique Passwords
Would you believe people still use “12345678” and “password” as their passwords? If you are one of them, stop now. We’ve said it before, and we’ll say it again and again: use unique passwords for every one of your accounts. Yes, it is more to remember, but it helps cut the risk of a data breach at one site snowballing to disastrous consequences for you.
I have a Password Methodology workshop that I teach that offers a unique way to manage and create a unique password for each of your sites and that you’ll never forget your passwords again if you are interested in my method please reach out to me I teach the workshop a couple times a year in a group or I can do it on a one on one basis.
You might use a password manager such as Roboform to manage your many passwords. This is more secure than the password manager offered by your Web browser, although those are better than revising passwords or trying (hopelessly) to memorize them. personally if you don’t want to purchase a Password manager like Roboform which does have a small yearly fee Google Chrome and/or Firefox has a great sync option that will keep and store your passwords if you allow them to and as long as your account is properly secured and locked down your passwords will be safe store your account there.
#3 Add Two-Factor Authentication (2FA)
Enabling two-factor authentication (2FA) makes it more challenging for the bad actor. Now, they will need access not only to your log in credentials but also to your personal device. However, since phone numbers are often included in a data leak, this isn’t the best solution. If the hacker has your name, address, and birth date from the Dark Web, they can take over your phone number, too. They call the company and say, “I lost my phone. Can I get another SIM card.” Then, they are the ones to get those verification codes via message, not you.
Better still, use a 2FA app to confirm your identity. Authy or LastPass are good authenticator apps Google has their own authenticator app as well which is really popular and easy to use. After you attempt to log in, you will need to enter a time-sensitive code generated by the app to complete access.
#4 Stop Signing into Other Sites Using Facebook
Sure, it is convenient to use your Facebook account to sign in to connected applications, because you have fewer passwords to remember. Some of your data is automatically transferred, so signup is streamlined, too, but you are increasing the risk of account compromise.
#5 Develop an Alternate Ego
It all sounds super spy, but you might have one email account you open to be a burner account for social media. You could also use a fake birth date, a fake alma mater, and other alternative facts to fill out the social profile.
Don’t fabricate personal details for an employer, or a financial or educational institution, but you might use a fake identity for entertainment, gaming, and social sites that bad guys may mine for personal data.
Use your legit information for sites that matter and restrict information to those that don’t really need it. ask yourself if you download an app or use an app on facebook does it really need your location information? does it really need access to your friends list? Why does it need access to your contact list if it’s a downloaded app on your phone?
#6 Even if you don’t use Facebook or social media sites in General This information is helpful. Let Me explain.
You still use the internet… you still visit some sites you may bank online or may shop online or you may play games online. You use your mobile device for making calls whatever… EVERYTHING you do creates a trail of information. This is not just about facebook or about social media sites almost every site gets hacked almost every business has suffered some sort of loss or breach at some point or most likely will in the future. It’s Up to You NOW to decide how much of your information is at risk when it happens. follow these steps not just for facebook but for every site or service your use.
Secure your information watch what your share watch what your friends and family around you share because what they do will affect you too!
Need help securing your social media or other online activity?
I can help. Contact me today at 217-960-4335.
Need to Chat? Set up a meeting with me! https://GEFNET.com/booktime