The private information of more than 267 million Facebook users (mostly living in the U.S.) was exposed for more than two weeks in an unsecured database on the dark web. According to published reports by the cybersecurity firm Comparitech and security researcher Bob Diachenko, Facebook IDs, phone numbers and names were exposed online for anyone to see for a two-week period before access to the server was shut down.
It is still unclear how the IDs and phone numbers were obtained, but the likely possibilities are that they were obtained by scraping and abuse of Facebook’s developer API. Scraping is when automated bots copy large amounts of data from websites and store the info in a database for analysis. There remains a possibility that the data was stolen from the API before the company restricted access to users’ phone numbers back in 2018.
What should you do?
• Adjust your profile privacy settings in Facebook. (1. In Facebook, go to “Settings” and select “Privacy”. 2. Change the setting for all appropriate fields to either “Friends” or “Only me”. 3. Under the question “Do you want search engines outside of Facebook to link to your profile?”, make sure you select “No”.)
• Use messaging apps with end-to-end encryption. Always use secure passwords and regularly review permission settings on mobile apps.
• Be very wary (as you always should be anyway) of any suspicious text messages. Even if it seems clear whom you are speaking with, keep an eye out for anything out of the ordinary that makes you question the texter’s identity. The better you know someone, the more you understand their communication nuances. Don’t be afraid to ask or challenge if you pick up an indication that something is off.
Ultimately, it’s important to realize that if your data and information are out there somewhere, anywhere, on the internet, there’s a realistic chance that they have been or will be exposed. Any time you turn over information, even to large, powerful companies with plenty of resources, know that someone is trying to get to it. Regularly and responsibly changing passwords, updating security settings, and taking advantage of newly released privacy and security measures are just common sense and good practice.
Wayne can be reached at firstname.lastname@example.org