This past weekend, the personal data of over half-a-BILLION Facebook users was posted in a low-level hacking forum, including full names and phone numbers, email addresses, and biographical and demographic information.
The only real upside to this breach is that the data is going on two years old, as it appears to have been stolen after a vulnerability that was patched in 2019. However, the pilfered data does seem to be otherwise authentic, which means that the compromised data could provide bad actors with the tools they need to impersonate and/or scam users into giving them login credentials.
This data began leaking via bots back in January of this year, and the information was validated then. While we are unsure as to WHY the hackers provided the entire cache of data this weekend, the point remains that they did.
In situations such as these, it is important to go ahead and assume that you were a victim. It also highlights the importance of remaining vigilant with your social media cyber hygiene. This isn’t the first major Facebook (or social media) breach, and it definitely won’t be the last.
Here are some tips to shore up your profile and ensure you are not scammed:
- Stay on the lookout for potential phishing scams. They have your email address. They know you have a Facebook profile. They will likely begin sending you emails to try and trick you into giving them your login credentials. Because of this, we strongly urge you to:
- CREATE AND/OR USE A NEW/DIFFERENT EMAIL ADDRESS. If hackers are trying to trick you, they will start to send you emails to the email address you have. If you use a different email address, then you will know that any emails sent from “Facebook” to your old email address, aren’t actually from Facebook.
- Change your password. You should be doing this regularly, anyways. It’s important, even if passwords weren’t posted on the hacking site, because it’s possible that your login credentials from other sites have been compromised, so if you use the same password, you could be hacked pretty easily. And even if they don’t have your password, they could have a password cracker… Which leads to the next point:
- Use a STRONG PASSWORD. If you are using Password123 as your password, you might as well not even have a password. Strong passwords:
- Use symbols
- Use numbers
- Have capitalized and lowercase letters
- Do not have any words found in the dictionary
- Do not include birthdays
- You can always use words/phrases and change some letters to symbols and/or numbers. For example, if you like to use the phrase “YouOnlyLiveOnce” you can change it to: “U0nlyL!v30nc3*” so that it’s easy to remember, but also unique.
- Set up Two-Factor Authorization and Alerts. If someone is trying to login, they will be a lot less successful if they have to use a code that’s sent to YOUR phone number. And you also want to be alerted if someone is attempting to login.
It can be stressful to think that your data and information have been compromised, but if you get into the habit of utilizing basic cyber-hygiene methods, you reduce the chance of being further compromised significantly. Breaches will happen; it’s up to you to protect yourself. If you want further tips and tricks to shore up your cybersecurity practices, download our FREE Remote Security Checklist. If you have additional questions, you can always call us at 919-422-2607 or schedule a free online appointment.