Over the weekend we learned that Facebook user information had leaked in a massive security breach. More than 533 million people from 106 countries have their names, phone numbers, email addresses, birthdays and Facebook IDs displayed for all to see on a low-level hacker forum.
The breach also reportedly included Facebook CEO Mark Zuckerberg and the company’s other founders. With a leak this massive, I am sure that many of you are wondering how you can check if you are compromised.
Even though the information that was leaked is from 2019, cybercriminals can still use the data to impersonate you. According to a report from The Verge, there are a couple of internet tools you can use to check if your Facebook information is part of the 533 million users who had their data leaked.
“Have I Been Pwned” is a popular internet site that tracks data breaches. You can enter your email address or phone number on the site and it will tell you if your Facebook information is part of the breach.
I tried it myself and luckily my information was not part of the dataset.
The News Each Day
This site is more for those in the United States and Australia, which makes sense because the US was among the hardest hit by the breach with over 32 million numbers leaked.
If you know anyone in the US or in Australia, they need to check this site out to see if their number is compromised. The creators of The News Each Day did, however, say that they were apprehensive about allowing people to enter their phone numbers on the site.
Entering your mobile phone number on any random site isn’t advised. But the creators of the platform said that the site generates random phone numbers to protect your privacy. The site sends 99 fake numbers along with the real one to its server, so it’ll be difficult for anyone to work out which number is the real one.
What do you do if you have been compromised?
The only thing you can do at the moment is to change your password or any passwords from other sites that the tools flag as compromised. It is also advisable to add extra security via two-factor authentication (2FA).
2FA is great, but to make it even more robust we suggest you use an authentication app. SMS 2FA isn’t quite as strong because there is a slim chance that someone could intercept your 2FA code. Or, as in the case we saw of WhatsApp users losing their accounts, someone can send you a fake message impersonating support staff and then ask you to confirm your identity by sending them the SMS code you receive.
No member of any online support staff would ask you to do that. A 2FA code is like a password, meaning it’s for your eyes only. The only way around the weaknesses of SMS 2FA is the aforementioned authentication apps.
Google Authenticator is pretty good, but there are others like LastPass, Microsoft Authenticator and Authy. Authentication apps are better than SMS 2FA because the codes are housed in your device and are generated by an algorithm.
No one else can see them, the codes produced expire, and the apps work offline.