By now, you’ve probably heard about the major data breach that involved millions of Facebook user accounts. Because Facebook is one of the most popular social media platforms, you may be wondering if you’re one of the victims. In this blog post, we’ll tell you how to check if you’ve been hacked, what to do if you have, and how to properly secure your account moving forward.
What happened?
Personal data of 533 million Facebook users from 106 different countries was recently leaked on a hacking forum. The breached data includes phone numbers, Facebook IDs, names, locations, birthdates, and email addresses. The data was stolen by exploiting a vulnerability back in 2019; however, it still poses a fraud risk to its victims today and for many years to come.
How do I know if I was breached?
Once a hacker has your phone number or email address, they could try to trick you into downloading malware or divulging personal information through phishing attempts. They could also use your personal information to open fraudulent accounts or to hack their way into other accounts you have. Determining whether or not you were breached is one of the first steps in protecting yourself. Once you’ve determined that your account was compromised, you can prepare for any repercussions that may occur.
One way to check if your email address or phone number was involved in this breach (or any others) is to visit HaveIBeenPwned, a free online tool developed by Microsoft Regional Director Troy Hunt. Once you enter your email address or phone number on the site, the search results will show you all the breaches that information has been involved in.
For a more in-depth analysis of breached credentials and information, we offer a Dark Web Breach Assessment that thoroughly analyzes your company’s Dark Web presence and provides remediation guidance to secure your accounts. Click here to learn more.
What should I do?
As with any breach, it’s a good idea to start by changing your password. This is especially critical if your password is easy to guess or reused on other accounts. For a refresher on how to create a strong password, click here. Enabling two-factor authentication is also a good idea. Two-factor authentication is a combination of two of the following: something you know (e.g. password), something you are (e.g. fingerprint), and something you have (e.g. authenticator app on your phone). Two-factor authentication bolsters your account security.
To enable two-factor authentication on your Facebook account:
- Log in to Facebook and go to Security and Login Settings.
- Scroll to the Two-Factor Authentication section and click Edit next to Use two-factor authentication.
- Choose the security method you’d like to use. There are currently three authentication methods on Facebook: device security key, code from an authentication app (like Google Authenticator or LastPass), or text message code. A text message code is the least secure of these options.
While you’re playing around with your account’s Security and Login Settings, you should also take some time to employ the various other safety precautions Facebook provides.
There’s an inherent risk associated with online accounts, but armed with some basic cyber security knowledge and diligence, you can start to guard yourself against malicious hackers.
Are your breached credentials already for sale out on the Dark Web? Find out with our free Dark Web Breach Assessment.