Reports have spread of a data breach at Facebook affecting half a billion users of the giant social network from 106 countries. Although this number is staggering, the story is about more than 533 million sets of data. The breach highlights once again that many of the systems we use are not designed to adequately protect our information from cyber criminals, and that it is not always easy to know whether or not your data has been compromised, according to TheNextWeb.
Details of more than 500 million Facebook users have been posted online on a website used by cybercriminals.
It quickly became apparent that this was not a new data breach, but an old breach that returned to haunt Facebook and the millions of users whose data is now available for purchase online.
The data breach is believed to relate to the vulnerability that Facebook was reported to have fixed in August of 2019. While the exact source of the data cannot be verified, it is likely that it was obtained through the abuse of legitimate functions in Facebook’s systems.
This abuse can occur when an innocent feature of a website is used for an unexpected purpose by attackers, as was the case with the PayID attack in 2019.
Alon Gal, chief technology officer at cybersecurity firm Hudson Rock, discovered the leaked database and posted screenshots on Twitter.
In Facebook's case, criminals can mine Facebook’s systems for users’ personal information, using techniques that automate the data collection process.
In 2018 Facebook was reeling from the Cambridge Analytica scandal. This was also not a hacking incident but rather an abuse of a completely legitimate functionality of the Facebook platform.
While the data was initially obtained legitimately – at least as far as Facebook’s rules were concerned – it was then passed on to a third party without the appropriate consent of the users.
Have you been targeted?
There is no easy way to determine whether your details were compromised in the latest leak. If the website in question is acting in your best interest, you should at least receive a notice, but this is not guaranteed.
Even a tech-savvy user would be limited to looking for the leaked data themselves on secret websites.
The data sold online contains a lot of basic information.
According to haveibeenpwned, most records include names and genders, with many also including birthdays, location, relationship status, and employer.
However, only a small percentage of the stolen data (around 2.5 million records) has been reported to contain a valid email address.
This is important because user data is less valuable without the corresponding email address: it is the combination of birth date, name, phone number, and email that provides a useful starting point for identity theft and exploitation.
If you are not sure why these details are important to a criminal, consider how you confirm your identity over the phone with your bank, or how you last reset your password on a website.
Troy Hunt, founder of Haveibeenpwned and a web security expert, said the secondary use of the data could be to boost SMS-based phishing and spam attacks.
How to protect yourself?
Due to the nature of the leak, Facebook users couldn’t have done much proactively to protect themselves from this breach. Since the attack targeted Facebook’s systems, the responsibility for data security rests entirely with Facebook.
On an individual level, while you can choose to opt out of the platform, for many, this is not a simple option. However, there are some changes you can make to your social media behaviors to help reduce the risk of data breaches.
1) Ask yourself if you need to share all your information with Facebook
There are some bits of information that we inevitably have to give up in exchange for using Facebook, including cell phone numbers for new accounts as a security measure, but there are a lot of details that you can withhold to retain a bit of control over your data.
2) Think about what you share
Aside from the reported leak, there are plenty of other ways to collect user data from Facebook. If you use a fake birthday on your account, you should also avoid posting birthday party photos on the real day. Even our innocent photos can reveal sensitive information.
3) Avoid using Facebook to log into other websites
Although the “Log in with Facebook” feature will likely save time (and reduce the number of accounts you have to keep), it also increases the potential risk for you – especially if the site you are logging into is not trusted. If your Facebook account is hacked, the attacker will have automatic access to all linked websites.
4) Use unique passwords
Always use a different password for every online account, even if it is a pain. Installing a password manager will help with that (and this is how I have over 400 different passwords). Although this will never prevent your data from being stolen, if your password for one of the sites is leaked, it will only work for that one site.
You can also always download a copy of all your data on Facebook. This is useful if you are considering leaving the platform and want a copy of your data before closing your account.