SALT LAKE CITY – Facebook said it fixed a technical glitch that allowed hackers to steal information on 533 million users a year-and-a-half ago. The data leak came to light recently when someone posted personal data of those hundreds of millions of people on a widely used online forum for hackers. Users may have to deal with the fallout for some time to come.
Hackers got access to information on 533 million people including names, locations, emails, birthdates, Facebook usernames, and phone numbers.
On Tuesday, Facebook wrote on its blog that all of that data was stolen in 2019, when malicious actors took advantage of a vulnerability in its contact importer tool, a feature designed to help users find friends on Facebook using their phone contacts. The social media giant said it fixed the issue back then and is confident it no longer exists.
That has not fixed the consequences faced by the hundreds of millions of affected users, said cybersecurity expert Alex Hamerstone, the risk management director at cybersecurity firm TrustedSec.
"A lot of information doesn't change," Hamerstone said. "So, saying it's older – it feels like a bit of a cop-out. If you're talking only two years and you're talking about this kind of data – names and phone numbers – it's probably pretty close to being current data."
Hamerstone told us that even if the leaked data is two years old, bad guys will always find it useful. Since our names, emails, phone numbers, and birthdates don't change much in two years, they can still use the data to trick us into sending them money or sharing more details.
"Every time this happens, it oftentimes triggers a whole slew of new scams and marketing initiatives and robocalls and everything else," he elaborated. "So, the potential for this to kind of cause another wave of phishing and scams is pretty large."
So, what now?
Hamerstone recommended users change their passwords, even if it appears the data thieves didn't steal passwords in this case. Make sure your new password is not easy to guess and that you are not using it on any other website.
Also, enable two-factor authentication so that accessing your account will require at least two proofs of identity.
"It's an extra layer (of cybersecurity)," Hamerstone said. "So, anything important, whether it's banking or Facebook or email, setting up that two-factor authentication so somebody who just knows your username and password can't log in, may be extremely important."
Another thing users can do to protect themselves right now is to watch out for an influx of impostor scams.
"Watch out for phishing. Be careful what you're clicking on," Hamerstone warned. "You'll want to make sure the emails you're getting are really from who they purport to be."
Hamerstone also said you should watch your social media, banking, and other accounts like a hawk for suspicious activity and alerts that someone else may be logging in.
To learn how to enable two-factor authentication on your Facebook account, this link will take you to Facebook's instructions.
To see if your information was exposed in the latest revealed leak, this link will take you to the trusted cybersecurity website, HaveIBeenPwned.
"But really, just assume that your data is out there," said Hamerstone. "I hate to say it, but it's probably true."