And What to Do If You Are
Some 533 million accounts from 106 countries.
That’s how many Facebook users have had their personal data leaked online, as we discovered in news reports that emerged last weekend.
To put that in perspective, that’s the equivalent of just under 7% of the world’s population.
So, what have Big Zuckerberg and his Facebook minions allowed nefarious actors to pilfer? Well, pretty much every piece of personal data that users list on their accounts, including full names, phone numbers, locations, birthdates, relationship statuses, employers, and email addresses.
Right now, all that personal info is just sitting out there online. Anyone with basic internet search skills can find it and access it for free. It’s a bonanza for scammers and identity thieves.
So, in view of this massive data breach, I thought I’d share with you how you can find out if you’ve been affected, what scams to look out for, and offer some of my best practices on keeping your data safe online.
First, though, a few words on Facebook…
Now, if you’re a regular reader of my columns, you’ll know I’m a tech guy. I love trying out new gadgets and reading white papers on new innovations, particularly in the cryptocurrency space. I’ve even built crypto-mining rigs on several occasions. (I plan to share a video of my latest build with you next week.) So, I’m by no means immune to the appeal of social media. I’m a big TikTok user, for instance. But Facebook…well, I have an account, but truth be told I despise the company. It’s evil dressed in corporate clothing.
To me, Facebook represents much of what’s wrong with Corporate America nowadays—arrogance, profits over people, and only giving a damn about the company’s wants instead of the consumers’ needs. Whatever innovation the company originally brought to the table is now long outdated. Today, it prospers largely by hoovering up more dynamic competitors before they have an opportunity to challenge its dominance.
Instagram, WhatsApp, Oculus, and others…whenever a company emerges that looks like it might topple some aspect of Facebook’s business, Big Zuckerberg swoops in and buys up the place.
In another time, Uncle Sam would have put a halt to these sorts of monopolistic practices. But the days of Teddy Roosevelt breaking up John D. Rockefeller’s Standard Oil are long gone.
Now, companies—and particularly tech giants like Facebook—are allowed to maintain monopolies at will. This stifles innovation, it breeds arrogance, and it hurts the average person. And it’s not like Facebook is at all reassuring.
One of Facebook’s few official responses to this massive data breach was a terse statement (ironically released on Twitter): “This is old data that was previously reported on in 2019. [Facebook] found and fixed this issue in August 2019.”
The point, however—as is immediately apparent to even a 5-year-old—is not how old the information is. I’m pretty sure most of us still have the same names, emails, and birthdates as back in 2019. Plus, before the start of this year, most of this information wasn’t easily accessible in the public domain. Now that it is, we could see an uptick in various types of scams.
It’s estimated that more than 32 million accounts in the U.S. have been affected by the breach. So, if you were a Facebook user in the U.S. in 2019, here’s what you need to do:
The haveibeenpwned site is run by respected IT security researcher Troy Hunt, and lets people check whether their email or phone number has been compromised in this data breach, or many of the others that have occurred in recent years. Simply head there and input your email and/or phone number.
If your email has been affected by the breach, then immediately change the password for the affected email address and any associated addresses.
While haveibeenpwned is an excellent resource and one you should check after any big data hack, it’s not foolproof. So, anyone who was a Facebook user in 2019 needs to be on the lookout for potential scams.
The most likely outcomes of the breach are more robocalls and spam emails. The biggest danger, though, is from social engineering scams. These generally involve a bad actor impersonating a person or organization, such as your bank or company, through emails, phone calls, or text messages.
Given the level of personal data revealed in the attacks, these scams could appear very legitimate, so it’s best to be on guard. If you’re unsure of any communication, initiate a call to the individual or organization involved.
Finally, here are my three best practices for keeping your data safe online:
- Use unique passwords—Have a different password for every online account. And how are you supposed to remember so many passwords, I hear you ask? Use a password manager program. These create unique, powerful passwords for every site you use, so you don’t have to bother remembering them. A good option is the 1Password smartphone app.
- Use two-factor authentication (2FA) on any site that offers it—2FA is a system whereby you have to present two or more pieces of info to access a site, generally your password and a code sent to your smartphone by SMS or through an authenticator app such as Google Authenticator. A ne’er-do-well might have found a way to get your login credentials, but without the 2FA code, the information is useless; they don’t have access to your account.
- Get a VPN, or virtual private network—VPNs are tools that help protect your privacy online by sending your data through a private server before it reaches the internet. I’ve used ExpressVPN for years, but NordVPN is good, too. Just steer clear of any free VPNs—you’ll get exactly what you pay for. (You can read my full guide to VPNs, including my recommended services, in the March issue of the Global Intelligence Letter.)
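
To make the 2FA point concrete, here is an added example (not part of the original column) of a login check that requires both a password and a time-based one-time code (TOTP, RFC 6238), the scheme authenticator apps such as Google Authenticator use. The account, password, salt, secret, and the function names `totp`, `hash_password` and `login` are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32, now, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the Unix time `now`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(now) // step)   # 30-second time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    """Slow salted hash, so the server never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account: what the site stores after 2FA enrolment.
SALT = b"constructed-salt"
ACCOUNT = {
    "password_hash": hash_password("correct horse battery staple", SALT),
    # Shared secret that also lives in the user's authenticator app.
    "totp_secret": base64.b32encode(b"12345678901234567890").decode(),
}

def login(password, code, now, drift_steps=1):
    """Succeed only when the password AND the current TOTP code both match."""
    pw_ok = hmac.compare_digest(
        hash_password(password, SALT), ACCOUNT["password_hash"]
    )
    # Accept codes from neighbouring time steps to tolerate clock drift.
    candidates = [
        totp(ACCOUNT["totp_secret"], now + d * 30)
        for d in range(-drift_steps, drift_steps + 1)
    ]
    submitted = str(code).encode()
    code_ok = any(
        [hmac.compare_digest(c.encode(), submitted) for c in candidates]
    )
    return pw_ok and code_ok

if __name__ == "__main__":
    t = 59  # fixed timestamp so the run is repeatable
    print("password + valid code:", login("correct horse battery staple", totp(ACCOUNT["totp_secret"], t), t))
    print("password + wrong code:", login("correct horse battery staple", "000000", t))
```

A leaked password on its own fails the second check, because the code is derived from a secret that never appeared in the breached data and changes every 30 seconds.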
This will not be the last time we see a large-scale data breach like this. Better to take these steps now, before the next one occurs.