“We found and fixed this problem in August 2019,” Facebook spokesman Andy Stone told CNN on Saturday.
However, for many users, the information they had on their Facebook profile in 2019, such as phone numbers and birthdays, probably hasn’t changed in the past two years. And that means that the data can still be useful to hackers or other malicious actors.
“Although this was due to an old violation [and] this is old information, now in the public domain,” said Jeff Dennis, partner and head of data privacy and security practice at Newmeyer Dillion law firm. “Anyone who has basic research skills can now find this database and exploit it, which was not the case when the data was originally obtained.”
Here’s what users should know about how leaked data can be used and how to protect themselves.
How can malicious actors use the data?
The news of the leak is definitely not good. But it is also not necessarily a cause for panic.
The truth is that data breaches have unfortunately become quite common across a wide range of online services. So, unless you almost never use the Internet or mobile apps, it’s likely that a lot of your personal information is already out there, where evildoers can find it.
The types of information exposed in the recent Facebook leak are also not the most useful to hackers, unlike data such as credit card information or Social Security numbers.
Still, there are several ways for malicious agents to exploit the leaked information.
“In fact, it is very easy to search this data … in a few seconds, you can easily find the information of anyone who is looking for it,” said Thakur, although in a cache of 533 million records, if someone has a common name, finding their information can become more difficult.
Although the Facebook breach does not necessarily lead to an increase in the volume of phishing scams, the fact that so many different types of information about each user are available as a result of this hack can make such scams appear more credible and therefore more successful.
“It would be very difficult, as a user, to see through some kind of phishing campaign when they are using information that you thought was very private to you, such as information that would be found on Facebook in your bio section,” Dennis said. “Particularly, when you combine this with location information, you can see how the crooks would start using that information in a very sinister but effective way.”
How to protect yourself
The breach is a reminder that no information that users share with online services can be absolutely guaranteed to be secure and private.
“As good as our defenses are, bad guys continue to evolve faster than we can protect ourselves and faster than companies can protect information, so you just need to be aware,” said Dennis. “I wouldn’t put anything on Facebook that you wouldn’t want to put in a public database somewhere in the future.”
Affected users, and anyone whose information may have been exposed, should keep their eyes open for possible fraud or phishing scams.
A good rule of thumb, according to Thakur: “Only disclose your data when you are initiating the conversation. If someone asks you for your social security, your password, your credit card number, even your name, there is no need for you to put it anywhere … unless you are the one initiating the conversation or the transaction.”
In other words, if you receive a phone call or email from someone who claims to be from your bank, or from your doctor’s office, or from a company where you recently made a purchase asking for confidential information, don’t give it out. Hang up. Then, find a trusted phone number for that place – on the back of your credit card, on the doctor’s website, or on the official email receipt you received from the company – and call them to determine if the request was legitimate.