An old data breach is still a data breach, and you’re probably still going to need to pay attention to it when it has to do with Facebook, a site most people have used at some point. As you’ve probably already heard, a past data breach affecting half a billion Facebook users is making the rounds yet again after a hacker posted a wealth of personal information lifted from the hacked accounts. And even though the actual hack took place two years ago, you can still take a few preventative measures to make sure this latest incident doesn’t affect you much.
For starters, take the time to check and see whether your data—including your email address, phone number, name, and other identifying characteristics—even appears in said breach. Try one of these options to search for different identifying information that may have been compromised:
If your phone number or other details aren’t in the breach, great! You’re good. If they are, there’s not much you can do about it, now that the information is out and about. On the plus side, you don’t have to worry about your password having been stolen, but this data could be used in phishing attempts elsewhere, and possibly even to reset your passwords or brute-force entry into your accounts, depending on how bad a service’s password recovery/reset mechanism is.
All that said, since this data has been floating around for some time, odds are good that you won’t be affected now if you haven’t been already. If nothing else, the entire episode shows the importance of using dummy information wherever possible when signing up for an account—especially on social media. Obfuscation is entirely within your control. Don’t feel as if you have to give up legitimate details about your life.
For Facebook, that could include:
- Not supplying any optional information if you don’t have to (your educational history, everywhere you’ve lived, your interests, your work history, etc.)
- Providing dummy information when asked, like a fake birthdate or a pseudonym. (Keep track of these in the notes section of your favorite password manager in case you’re ever challenged over your fake info in order to regain access to your account or reset your password.)
- Using a fake email address (even a slightly modified one, like firstname.lastname@example.org instead of email@example.com) and a phone number that isn’t your actual phone number to sign up for an account. As before, save these credentials in your password manager just in case.
- Using a different “real” name or a slightly modified version of your name. Don’t use the same “screen name” or account name across all of your different services (something we’re all guilty of, no doubt).
Why does this matter? It makes it a lot harder for attackers to use information gleaned from one data breach to affect you elsewhere. If you’re always using different information whenever possible across the various services you use, it’ll be harder for an attacker to social engineer their way into your account—they simply won’t know enough about you on each service.
Going forward, make sure you’re staying on top of any potential phishing attempts. If you get a text or email out of the blue that attempts to convince you of its legitimacy by giving you some (now readily available) information about yourself, don’t initiate an action on a service based solely on that message. Don’t provide anyone else with any other information in response. Don’t click or tap on links if you aren’t sure where they came from. Instead, pull up your browser, go visit the service directly, and check to see if there’s really something you need to take care of.