“We found and fixed this issue in August 2019,” Facebook spokesman Andy Stone told CNN on Saturday.
For many users, information they had on their Facebook profile in 2019, such as phone numbers and birthdays, has probably not changed in the past two years. And that means the data could still be useful to hackers or other bad actors.
‘Although it was due to an old offense [and] it’s old information, now it’s in the public domain, “said Jeff Dennis, partner and head of privacy and data security practice at law firm Newmeyer Dillion. Anyone who has basic search skills can now find and exploit the database, which was not the case when the data was originally taken. ‘
Here’s what users need to know about how the leaked data can be used and how to protect themselves.
How can bad actors use the data?
The news about the leak is definitely not good. But it is also not necessarily a cause for panic.
The truth is that data breaches have unfortunately become quite common for a wide range of online services. So, unless you’re almost using the internet or mobile applications, it’s likely that a lot of your personal information is already there where bad actors can find it.
The types of information exposed in the recent Facebook leak are also not the most useful for hackers, unlike data such as credit card information or social security numbers.
Yet there are a number of ways in which bad actors can exploit the leaked information.
“It’s actually very easy to search through this data … within seconds you can easily find someone’s information you’re looking for,” Thakur said, although someone has a common name in a 533 cache million plates. finding their information can become more difficult.
While the Facebook breach will not necessarily lead to an increase in the number of phishing attempts, the fact that so many different types of information are available about each user as a result of this hack may make it appear more credible, and therefore more successful .
“It would be very difficult for a user to see through a kind of phishing campaign when they use information that you think was very private to you, such as information that would be found on Facebook in your bio section,” Dennis said. . “When you combine it with location information, you can especially see how bad guys would use this information in a very sinister but effective way.”
How to protect yourself
The breach is a reminder that there can never be an absolute guarantee that information shared by users with online services is secure and private.
“Just as well as our defense, the bad guys continue to evolve faster than we can protect ourselves and faster than companies can protect the information, so you just have to be aware of that,” Dennis said. “I would not post anything on Facebook that you would not want to post somewhere in the public database.”
Affected users, and anyone whose information may have been exposed, should keep an eye out for possible scams or phishing attempts.
According to Thakur, there is a good rule of thumb: “Only give out your information when you start the conversation. If someone asks you for your social security, your password, your credit card number, even your name, it is not necessary. to put in anywhere … unless you’re the one starting the conversation or the transaction. ‘
In other words, do not hand it over if you receive a call or email from someone pretending to be from your bank or your doctor’s office, or from a company that you recently asked for sensitive information. . Hang on. Then look for a reliable phone number for the location – on the back of your credit card, the doctor’s website or the official email proof you received from the company – and call them to determine if the request is legal.