Last Friday, Facebook announced that it had suffered a data breach in which personal information of approximately fifty million of its users was compromised. The presently unidentified hackers accessed the information through software flaws in its “View As” feature which permits Facebook users to see what information others can see about them. Ironically, this feature was installed to enhance the privacy of Facebook users. By exploiting this flaw, the hackers would also be able to gain access to apps such as Spotify, Instagram and many other apps that permit users to log into their systems through Facebook. The data breach is still being investigated and we still do not know the full extent of the personal information accessed through the data breach. As I have warned you repeatedly, your security is only as good as the security of the weakest place that holds information about you, which is why it is important to limit the information held by companies and others with which you do business to the minimum that they need.
TIPS
If you have used Facebook to log in to apps and other accounts, you should check to see which apps and websites you have accessed through your Facebook account. You can find this information by going to your Facebook settings under “apps and websites.” From there click on “logged in using Facebook” to see what apps and accounts my be vulnerable. You may wish to remove these apps and websites from being accessed through Facebook as a precautionary measure. You also may wish to change your passwords for these accounts. While Facebook says that you do not need to protect your account by changing your Facebook account, it still may make sense to change your Facebook password and while you are at it, make sure that you are using unique passwords for each of your online accounts. You also may want to consider enabling dual factor authentication for your Facebook account that will help prevent someone from misusing your Facebook account. So long as you are accessing your Facebook account from your usual devices, there is no inconvenience.
Finally, whenever personal information is stolen, there is always the possibility that the personal information will be leveraged by a cybercriminal to send you specifically socially engineered spear phishing emails intended to lure you into clicking on links in the emails that will download dangerous malware on to your computer or phone. Never click on any link unless you have verified that it is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”