The popular social media channel Facebook is an obvious target for cyber criminals. In April 2021, the company announced a leak of 533 million Facebook records. It’s one of the largest known data leaks, and you could be affected. Here’s what you need to know.
Facebook has confirmed that hackers posted information including:
- users’ Facebook ID;
- phone numbers;
- birth dates;
- some email addresses;
- relationship statuses;
- bio details.
Gained in a 2019 data leak, the information was dumped into a public database online, one available for free on an underground website frequented by cyber criminals.
The tech giant says it patched the vulnerability in August 2019. The methods of the leak of nearly a quarter of its client base’s data haven’t been verified. Still, it’s thought criminals misused a legit Facebook function to mine and harvest data.
Was Your Data Leaked?
There is no easy way to know. When a business is hacked it typically sends a notification letting you know. But this isn’t guaranteed. And you can’t go in and check the Dark Web. It is difficult to find and dangerous to access, and that’s why the bad guys like it. You can also navigate to https://haveibeenpwned.com to see if your email address or phone number is on any data breach files.
Even, if you’re not sure if you’ve been a victim of a data leak, you’ll want to take action. You might decide to opt out of Facebook entirely. Just know, it’s not that simple. Once the information is exposed, it’s out there for keeps.
Still, there are several smart strategies to follow immediately.
#1 Limit Your Facebook Sharing
It is simple to share on Facebook, and that’s part of the fun. You need the world to know you are “Facebook official” or newly single, or you share the pictures of your wedding day or anniversary, or of your new pet. You’re filling in family and friends about your life, right?
Well, if you are using any of that information to create access credentials, you are sharing too much. Someone with a beloved cat called “Petunia” in every photo that uses the feline’s name as a password gives hackers an edge.
You might think you are sharing harmless information, but those birthday party photos posted on the big day are a clue to your identity that hackers can exploit.
#2 Use Unique Passwords
Would you believe people still use “12345678” and “password” as their passwords? If you are one of them, stop now. We’ve said it before, and we’ll say it again and again: use unique passwords for every one of your accounts. Yes, it is more to remember, but it helps cut the risk of a data breach at one site snowballing to disastrous consequences for you.
You might use a password keeper such as 1Password or LastPass to manage your many passwords. This is more secure than the password manager offered by your Web browser, although those are better than revising passwords or trying (hopelessly) to memorize them.
#3 Add Two-Factor Authentication (2FA)
Enabling two-factor authentication (2FA) makes it more challenging for the bad actor. Now, they will need access not only to your log in credentials but also to your personal device. However, since phone numbers are often included in a data leak, this isn’t the best solution. If the hacker has your name, address, and birth date from the Dark Web, they can take over your phone number, too. They call the company and say, “I lost my phone. Can I get another SIM card.” Then, they are the ones to get those verification codes via message, not you.
Better still, use a 2FA app to confirm your identity. Authy or LastPass are good authenticator apps. After you attempt to log in, you will need to enter a time-sensitive code generated by the app to complete access.
#4 Stop Signing into Other Sites Using Facebook
Sure, it is convenient to use your Facebook account to sign in to connected applications, because you have fewer passwords to remember. Some of your data is automatically transferred, so signup is streamlined, too, but you are increasing the risk of account compromise.
#5 Develop an Alternate Ego
It all sounds super spy, but you might have one email account you open to be a burner account for social media. You could also use a fake birth date, a fake alma mater, and other alternative facts to fill out the social profile.
Don’t fabricate personal details for an employer, or a financial or educational institution, but you might use a fake identity for entertainment, gaming, and social sites that bad guys may mine for personal data.
Need help securing your social media or other online activity? Our experts can help.