According to reports over the weekend, Facebook suffered a major data breach, with the personal information of 533 million users being posted on a hacking forum that could be used to commit fraud, according to Business Insider.
Phone numbers, email addresses, full names, birthdates, locations, and other Facebook biography details are among the information collected.
However, a Facebook spokesman told Newsweek in a statement that this is old data from a problem that was resolved in 2019. Because the function could be used to imitate Facebook and provide a phone number order to find out which user it belonged to, Facebook removed people’s ability to directly find others using their phone numbers on both Facebook and Instagram at the time.
According to a Facebook spokesman, a sample of the new breach matched previously known data related to the contact importer vulnerability problem, which was fixed in August 2019.
While there are no dedicated tools to check if Facebook information was included in the leak, users can check their email to see if their information was compromised.
People can enter their email address on the HaveIBeenPwned (HIBP) website, and the website will tell them if their email address was used in any data breaches. You can also sign up for alerts when your email address is discovered in a new data breach.
According to the HIBP website, Troy Hunt created the site “as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or ‘pwned’ in a data breach.”
According to HIBP, email addresses were found in only about 1% of the records from the Facebook leak, or 2.5 million. According to the HBIP website, “the primary value of the data is the association of phone numbers to identities.”
There are currently no reliable websites to check if your phone number was compromised. The News Each Day is a website where you can enter your phone number to see if it was compromised, but it isn’t widely known.
On Saturday, Hunt asked on Twitter whether Facebook phone numbers should be searchable on the HBIP website.
Even if your email was not included in the breach, taking steps to protect your online data from a future breach can be beneficial.
According to Marc Goodman, a cybersecurity expert, and author of Future Crimes, the first step is to decide what you want to share with Facebook online.
“When dealing with a company like Facebook, you have a lot of control over what information you share,” Goodman explained. “And the more information you share, the more information you can expect to leak.”
People should also keep their app software up to date.
“We’re always finding software bugs,” he said. “So every time you turn on your Apple or Android phone and see a new release of the Facebook app, that’s a nice way of saying we discovered security holes in the previous release. As a result, whenever someone tells you to update, you’re probably plugging security holes in the process.”
Not only should you have a strong, unique password, but you should also avoid using the same password on multiple websites.
“Using the same strong password across multiple sites, even if you have a strong password, is incredibly stupid,” Goodman said. “If you use the same username and password across multiple sites, the bad guys will automatically test those against a variety of other sites if one of your accounts is compromised.”
Additionally, tools such as password managers and two-factor authentication (2FA) apps can help data security.
Tools like 1Password, Dashlane, and Bitward can generate and securely store unique passwords, so you don’t forget how to log in to your online accounts.
To secure accounts like your bank account or work email, apps like Duo Mobile, Microsoft Authenticator, or Google Authenticator will send a four-digit code to your phone or email before logging in.
In the privacy settings of the Facebook app, you can also enable 2FA.
