While the recent Facebook hacking message being widely circulated was essentially a hoax, the data breach announced by Facebook a couple of weeks ago presents a serious threat to the security of thirty million people affected by the data breach. Facebook announced that it had suffered a data breach in which personal information of approximately thirty million of its users was compromised. The presently unidentified hackers accessed the information through software flaws in its “View As” feature which permits Facebook users to see what information others can see about them. The personal information compromised included names, phone numbers, birth dates, relationship status, gender and work status. Ironically, this feature was installed to enhance the privacy of Facebook users. By exploiting this flaw, the hackers would also be able to gain access to apps such as Spotify, Instagram and many other apps that permit users to log into their systems through Facebook. As I have warned you repeatedly, your security is only as good as the security of the weakest place that holds information about you, which is why it is important to limit the information held by companies and others with which you do business to the minimum that they need. The compromised information could be used in a variety of ways to harm you such as using the information to answer security questions at online accounts, change your password and gain access to those accounts or form the basis for carefully crafted spear phishing emails, smishing text messages and vishing phone calls all of which could be done to lure you into clicking on links and downloading dangerous malware or providing personal information that can be used to make you a victim of identity theft. Names and birth dates in particular are often be used by banks or medical care providers over the phone to confirm legitimacy. While it is fun to have many birthday wishes appear on your Facebook page, you are probably better served by not making that information public.
TIPS
If you have used Facebook to log in to apps and other accounts, you should check to see which apps and websites you have accessed through your Facebook account. You can find this information by going to your Facebook settings under “apps and websites.” From there click on “logged in using Facebook” to see what apps and accounts my be vulnerable. You may wish to remove these apps and websites from being accessed through Facebook as a precautionary measure. You also may wish to change your passwords for these accounts. While Facebook says that you do not need to protect your account by changing your Facebook account, it still may make sense to change your Facebook password and while you are at it, make sure that you are using unique passwords for each of your online accounts. You also may want to consider enabling dual factor authentication for your Facebook account that will help prevent someone from misusing your Facebook account. So long as you are accessing your Facebook account from your usual devices, there is no inconvenience.
If you want to find out if you were one of the victims of the data breach, click on this link provided by Facebook https://www.facebook.com/help/securitynotice?ref=sec
Finally, whenever personal information is stolen, there is always the possibility that the personal information will be leveraged by a cybercriminal to send you specifically socially engineered spear phishing emails or smishing text messages intended to lure you into clicking on links in the emails and text messages that will download dangerous malware on to your computer or phone. Never click on any link unless you have verified that it is legitimate.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”