In 2019, malicious actors managed to scrape the personal information of a shocking 533 million Facebook users by exploiting a vulnerability that the social network has since patched. Even though this data is now a couple years old, it can still be used to gain unauthorized access to a number of your online accounts, or help in making a scam appear to be a credible and legitimate request for information. Hackers can use the leaked information about you to successfully answer challenge questions on a password reset form or even guess your password to any of your online accounts. More conniving hackers may even pose as a trustworthy 3rd party you do business with to extract information from you directly.
There are a few simple steps you can take to protect yourself:
- Sign up for an identity monitoring service. Not only will this help you determine if you were a victim of this Facebook data leak, but you'll remain apprised to other threats against your reputation and identity.
- Use unique and complex passwords for every login. A password manager can help keep track of all of these passwords.
- Change your security challenge questions for all of your logins. Be sure not to select any questions that can be answered by looking at your social media profiles.
- Be skeptical of unexpected requests for your information or claims that you may be in legal trouble. If an organization you do business with calls, emails or texts you requesting any information, don't answer––instead, reach out to the organization (don't use any contact information listed on the suspicious communication) and verify the request.
While it's a couple of years old, the leaked data could prove valuable to cybercriminals who use people's personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, the chief technology officer of the cybercrime intelligence firm Hudson Rock, who discovered the trough of leaked data on Saturday.