This past Saturday a hacking forum was flooded with stolen personal data from nearly 533 million Facebook users from 106 countries, including more than 32 million users from the United States.
The personal data includes phone numbers, full names, locations, email addresses and other biographical information. More concerning is that because the personal data was dumped on a hacking forum, the data was open to any threat actor who wanted to use it. Facebook has stated that the leak stems from their 2019 breach that resulted in the exposure of hundreds of millions of Facebook users’ phone numbers, an issue that was fixed as a result of the Cambridge Analytica scandal.
As with any data breach, the main question those potentially impacted are asking is, “Was my data breached?” And with more than 30 million accounts in the US impacted, there are many Facebook users looking for answers. The good news is there are a few online tools available to help.
According to Gizmodo, this website allows you to check your phone number against breaches. According to the site creator, it generates random phone numbers that start with the same five digits as your number and sends 99 fakes along with the real one to the server, masking your real number.
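The masking scheme described above can be modelled in a few lines of Python. This is an added example, not code from the site the article mentions or from Schneider Downs; the function names, the in-memory `breached` set standing in for the server, and the sample numbers are all constructed assumptions.

```python
import secrets

PREFIX_LEN = 5    # digits shared by the real number and every decoy (from the article)
BATCH_SIZE = 100  # the real number plus 99 decoys (from the article)

def normalize(number: str) -> str:
    """Keep digits only so differently formatted copies of a number compare equal."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if len(digits) < PREFIX_LEN + 2:  # need at least 100 possible tails
        raise ValueError("number too short for 99 unique decoys")
    return digits

def build_batch(real_number: str) -> list:
    """Return the real number hidden among 99 unique decoys with the same prefix."""
    real = normalize(real_number)
    prefix, tail_len = real[:PREFIX_LEN], len(real) - PREFIX_LEN
    batch = {real}
    while len(batch) < BATCH_SIZE:
        tail = secrets.randbelow(10 ** tail_len)  # CSPRNG, not random.random()
        batch.add(f"{prefix}{tail:0{tail_len}d}")
    return sorted(batch)  # sorted order gives no positional hint about the real entry

def server_lookup(batch, breached):
    """Stand-in for the remote service: it sees 100 numbers and the shared prefix."""
    return {n for n in batch if n in breached}

def is_breached(real_number, breached):
    """Client side: send the whole batch, then read only the real number's answer."""
    hits = server_lookup(build_batch(real_number), breached)
    return normalize(real_number) in hits

def survivors(*batches):
    """Numbers common to every batch: what repeated lookups leave for the server."""
    return set.intersection(*(set(b) for b in batches))

# Constructed sample data: 555-01xx numbers are reserved for fiction.
SAMPLE_BREACH = {"14125550134", "14125550199"}
```

A client built this way draws fresh decoys on every call, so `survivors` over several batches for the same number leaves little besides the real one; saving one batch per number and resending it avoids that. The server also always learns the five-digit prefix.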
While a breach of this size makes great headlines, the truth is that personal information such as this is most likely already out there for many of us. If you find out you are part of this breach or any others, there are a number of steps you can take, which our team shared in our previous article, Part of a Data Breach… Now What?, including:
Password Management Software - We recommend using a password manager for all your accounts, such as 1Password, Keeper, Dashlane, Bitwarden, or LastPass. Password managers are apps that will set strong random passwords for all your accounts, so you don’t have to remember them, and if one site gets hacked the compromise stops there. You just need to remember one strong password for the password manager that is used to protect your passwords (if you are forgetful, make sure to enable the account recovery option and consider storing the password or recovery key in a safe or safe deposit box). Most password managers support biometrics, so accessing and auto-filling your passwords on your mobile device is as simple as doing a face unlock or fingerprint. Web browser plugins allow password managers to be easily used on your computer. In most cases, once you configure the password manager for a site (a task most do automatically as you log in or create a new account), it will fill in your login credentials for you when you need to log in again. If you used the same password for an account that was breached anywhere else, make sure to change that password everywhere it was in use. If that is the case, what a great time to start using a password manager. We also recommend the use of multi-factor authentication (MFA) to mitigate risk if your passwords are leaked.
Credit Protection - Make sure to review your credit card and bank statements every month and call the bank if you see unusual activity. In addition to monitoring your credit activity, freezing your credit is a strong and cheap protection. Go to the three major credit reporting agencies, Experian, TransUnion and Equifax, and freeze your credit with all of them. This can be done online or via phone and at the most costs around $5 per agency. If your credit is frozen and somebody attempts to open a credit card in your name, they will be denied. The downside of this is that you will need to unfreeze or thaw your credit whenever you apply for a new credit card, get a mortgage, etc., so make sure to do that a couple of days before you submit any credit applications. Credit monitoring services are advertised all the time and are often provided for free if you are involved in a data breach, but they only detect fraud after it happens. It is much better to prevent it than have to recover from it, but many of the credit monitoring services do provide insurance or help in dealing with fraud you encounter, so they are worth considering.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].