Was Your Data Leaked in the Facebook Breach?

This past Saturday a hacking forum was flooded with stolen personal data from nearly 533 million Facebook users from 106 countries, including more than 32 million users from the United States.

The personal data includes phone numbers, full names, locations, email addresses and other biographical information. More concerning is that because the personal data was dumped on a hacking forum, the data was open to any threat actor who wanted to use it. Facebook has stated that the leak stems from their 2019 breach that resulted in the exposure of hundreds of millions of Facebook users’ phone numbers, an issue that was fixed as a result of the Cambridge Analytica scandal.

As with any data breach, the main question those potentially impacted are asking is, was my data breached? And with more than 30 million accounts in the US impacted, there are many Facebook users looking for answers. The good news is there are a few online tools available to help.

HaveIBeenPwned - https://haveibeenpwned.com

HaveIBeenPwned is a website that tracks data breaches and can tell you if you have been part of any breach, including the Facebook one, by providing your phone number or email.

The News Each Day - https://www.thenewseachday.com/private-facebook-phone-numbers-us

According to Gizmodo, this website allows you to check your phone number against breaches and according to the site creator, generates random phone numbers that start with the same five digits as your number and sends 99 fakes along with the real one to the server masking your real number. 

While a breach of this size makes great headlines, the truth is that personal information such as this is most likely already out there for many of us. If you find out you are part of this breach or any others, there are a number of steps you can take which our team shared in our previous article, Part of a Data Breach… Now What?, including:

  • Password Management Software - We recommending utilizing a password manager for all your accounts, such as 1Password, Keeper, Dashlane, Bitwarden, or LastPass. Password managers are apps that will set strong random passwords for all your accounts, so you don’t have to remember them and if one site gets hacked the compromise stops there. You just need to remember one strong password for the password manager that is used to protect your passwords (If you are forgetful, make sure to enable the account recovery option and consider storing the password or recovery key in a safe or safe deposit box). Most password managers support biometrics, so accessing and auto-filling your passwords on your mobile device is as simple as doing a face unlock or fingerprint. Web browser plugins allow password managers to be easily used on your computer. In most cases, once you configure the password manager for a site (a task most do automatically as you login or create a new account), it will fill in your login credentials for you when you need to login again.  If you used the same password for an account that was breached anywhere else, make sure to change that password everywhere it was in use. If that is the case, what a great time to start using a password manager. We also recommend the use of multi-factor authentication (MFA) to mitigate risk if your passwords are leaked. 
  • Credit Protection - Make sure to review your credit card and bank statements every month and call the bank if you see unusual activity. In addition to monitoring you credit activity, freezing your credit is a strong and cheap protection. Go to the three major credit reporting agencies, Experian, TransUnion and Equifax and freeze your credit with all of them. This can be done online or via phone and at the most costs around $5 per agency. If your credit is frozen and somebody attempts to open a credit card in your name, they will be denied. The downside of this, is that you will need to unfreeze or thaw your credit whenever you apply for a new credit card, get a mortgage, etc. so make sure to do that a couple days before you submit any credit applications. Credit monitoring services are advertised all the time and are often provided for free if you are involved in a data breach, but they only detect fraud after it happens. It is much better to prevent it than have to recover from it, but many of the credit monitoring services do provide insurance or help in dealing with fraud you encounter, so they are worth considering.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Biden Administration Announces First Ever Sanctions Against Cryptocurrency Exchange
Apple Releases Emergency Security Update to Address Critical Spyware Vulnerability
REvil Ransomware Group Resurfaces Over Labor Day Weekend
Google and Microsoft Announce $30B Cybersecurity Investment at White House Summit
COVID-19 Scams Surge with New Variants
TSA Issues Second Cybersecurity Directive for Pipeline Owners and Operators
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.