The personal information of more than 533 million Facebook users was recently leaked to the dark web, as first reported by Business Insider this past weekend.
The leaked info includes full names, email addresses, Facebook IDs, birth dates, and phone numbers. This data set actually dates back to a 2019 vulnerability, highlighting the fact that once your info ends up on the dark web, it’s very hard to remove it.
Here’s how to find out if your data was leaked, and how to secure your Facebook account.
The Facebook leak has been added to the data breach website HaveIBeenPwned. This website is owned by Microsoft Regional Director and MVP Troy Hunt, a respected member of the security community, so you can trust his site with your details. We’ve posted about this site before in other blog posts, and it’s one we highly recommend for staying abreast of data breaches and leaks.
What To Do If Your Facebook Info Was Breached
As reported by Kate O’Flaherty of Forbes.com, attackers can use your Facebook-associated phone number or email address to, for example, encourage you to click on a malicious link to steal more details from you, or trick you into transferring money. You can’t change your number easily, so you should remain vigilant for such attempts over the coming weeks.
They can also combine details to attempt identity theft, or use your email to try to hack other accounts using easy-to-guess passwords.
With this in mind, if you have been exposed in the Facebook breach, or you use an easy-to-guess password or one that you reuse elsewhere, it’s a good idea to change your Facebook password.
Change Your Password
We recommend using a password manager such as LastPass or Dashlane to help generate hard-to-crack and unique passwords and safely store them for future use. No more Post-it notes on your computer monitor! These tools let you keep all your passwords in a digital vault that can be opened with one master password, and they can also automatically generate complex passwords.
If you decide to change your password, choose a complex one — and do not reuse a password you have used on a different site. Try creating long and complex passwords consisting of nonsensical phrases or one-sentence summaries of strange life events and add numbers and special characters.
Do a Device Audit
The best way to determine whether someone has gained improper access to your account is to do an audit of the devices that you have used to log into Facebook. On Facebook’s Security and Login page, under the tab labeled “Where You’re Logged in,” you can see a list of devices that are signed in to your account, as well as their locations. If you see an unfamiliar gadget or a device signed in at an odd location, you can click the “Remove” button to boot the device out of your account.
Turn on Two-Factor Authentication
Like many sites, Facebook offers a security feature called two-factor authentication. It involves text messaging a unique code to your phone that you must type in after entering your password. This way, even if someone gained access to your password, it would be difficult to log in without that code. Even though Facebook fixed this week’s security vulnerability, every user should have this feature turned on. If you’re feeling very brave you can always…
Delete your Account
Seriously. It may seem hard but an account that doesn’t exist can’t be hacked.
We’ve had clients deal with hacks and data breaches before. It’s never fun but a bit of prevention can go a long way. Reach out – we’re ready to help.