You’ve likely heard about the Facebook data breach that happened over the weekend. If you haven’t, I’ll get you up to speed: Someone posted information on 503 million Facebook users on a hacker forum online, and Facebook won’t be telling you if you’re one of them. (1) Here’s what you can do about it.
Facebook Data Breach: What We Know
Over this past Easter weekend, someone posted the information from a Facebook data breach that occurred in 2019 on a hacker forum online. Facebook claims they “patched the hole” that caused the breach two years ago; however, that didn’t stop the information of 503 million users from going public. (1) The information now leaked online includes (1):
- Phone numbers
- Facebook IDs
- Full names
- Birth dates
- Email addresses
The affected users come from 106 different countries, including 32 million from the US, 11 million in the UK, and 6 million in India. The information could allow cybercriminals to impersonate the affected users or scam them into handing over money or other even more valuable information. (1)
How Do You Know If Your Data Was Hacked?
As I already said, Facebook says it will not be contacting the affected users. They say it is because they are not confident that they know which users have been affected. The company said that the information is now publicly available and that nothing can be done to reverse that. (2)
Users are going to have to figure out for themselves whether or not they’ve been hacked. Thankfully, Microsoft regional director Troy Hunt had this Facebook data breach added to his website HaveIBeenPwned. This site allows users to use their phone numbers to look up whether or not their Facebook account has been affected. Hunt is well-respected in the cybersecurity field and the site is highly trustworthy. (3) To determine whether your account is one of the affected ones, go to HaveIBeenPwned and input your information. It will search the database and let you know.
What To Do If Your Information Was Leaked
If the hackers leaked your account information, the first thing you need to do is simply be aware that attempts to get more information or money from you may be made over the coming weeks. Be on the lookout for suspicious phone calls, DMs, and emails. Do not give information over to anyone and do not agree to give (or receive!) money from anyone.
Hackers may combine details from the breach to attempt identity theft or use your email address to try and break into other accounts. (3) If you have any easy-to-guess passwords or ones you use for multiple accounts, I suggest changing them immediately. You will also most definitely want to change your Facebook password, as this will likely be the easiest one for them to obtain.
Whether your account is a part of the breach or not, it is best practice to have two-factor authentication for your Facebook account. This is easy enough to implement by following these simple steps (3):
- Log in to Facebook on your desktop (not your smartphone)
- Go into your security settings
- Enable two-factor authentication
You can also use an authenticator app such as Authy to set up two-factor authentication. Authy can be used for Facebook as well as any other site you want extra security for. (3)
Finally, if you are truly concerned about your Facebook information being leaked online, the best way to avoid this is to simply not have an account. At the very least, if you can, delete the app from your phone and only use Facebook on your computer. This prevents some of the tracking that the app does and may increase your security somewhat from potential hackers.
- “533 million Facebook users’ phone numbers and personal data have been leaked online.” Business Insider. Aaron Holmes. April 3, 2021.
- “Facebook will not notify more than 530m users exposed in 2019 breach.” The Guardian. Kari Paul. April 8, 2021.
- “Facebook Data Breach: Here’s What To Do Now.” Forbes. Kate O’Flaherty. April 6, 2021.