The news website Insider recently reported a massive Facebook data breach affecting around half a billion Facebook users. About 32 million users were based in the United States, 6 million in India, and 11 million in the U.K. Some of the personal identifying details exposed in the cyber attack included the following:
- Email addresses
- Phone numbers
- Full names
- Relationship status
We were also impacted by the breach. In fact, a family member had their Facebook account hacked not once, not twice, but three times to date. Further, Facebook has not conveyed whether it has notified any of the affected users.
Facebook spokesperson Andy Stone responded to the highly publicized incident by saying, "In 2019, we removed people's ability to directly find others using their phone number across both Facebook and Instagram - a function that could be exploited using sophisticated software code, to imitate Facebook and provide a phone number to find which users it belonged to."
However, this data is still valuable to threat actors and those who engage in phishing and identity theft. In fact, hackers use personally identifiable information to execute social engineering attacks. This news is certainly not good, and the threats are ongoing. Further, data breaches have become common in the digital era. Unless you don’t use any online sites or mobile apps, your personal information is probably already available for cyber criminals to find.
Since Facebook has not said whether it sent out notifications to affected users, it’s crucial to be aware of potential phishing and social engineering attacks using your data. Since the Facebook data leak includes names and phone numbers, it can lead to an increase in text messages and robocalls. It only takes a few seconds to find a person’s information. With a social engineering attack, a threat actor will imitate a legitimate person or organization to steal credit card numbers, social security numbers, and login credentials.
Considering so much information was leaked during this Facebook breach, it can help make social engineering criminals more successful in their attempts. In addition, it would be hard for people to tell if it is a phishing or social engineering attack since the threat actor is using your private information -- something that you might find under your Facebook bio. Combine it with location information, and you have a perilous mix.
How can you protect yourself? Remember that cyber crime is evolving at a rapid clip, often faster than companies can figure out how to effectively protect your information. For starters, don’t publish anything on Facebook that you wouldn’t feel comfortable sharing on a public database. Also, look out for potential scams and social engineering attempts. Don’t share your private information or passwords unless you initiate the conversation. If you get a phone call from someone purporting to be your bank or medical center, hang up and call the number listed on their websites to verify the identity of the caller.
Moreover, it’s critical to use different passwords for every site. Change your passwords frequently, and use complex combinations. However, it is inconvenient and challenging to remember every password. Therefore, it is essential to use a password manager.
A password manager sets a secure foundation by helping you create and remember strong passwords. Beyond helping to prevent social engineering and phishing attacks, password managers recommend long, random, complex, and unique passwords for every website you use. Moreover, you can use a password manager to sync your passwords across all your devices.
Unfortunately, Facebook does not have a good reputation concerning either privacy or security. The only way to be completely secure is by deleting your account. If you can’t do that, make sure to use a password manager.