The data includes phone numbers, email addresses, full names, birthdates, location and other Facebook biography details.
However, a Facebook spokesman said in a statement to Newsweek that this is old data connected to a problem that was addressed in 2019. At the time, Facebook removed people’s ability to directly find others using their phone numbers on both Facebook and Instagram because the function could be exploited to imitate Facebook and provide a phone number order to find out which user it belonged to.
A sample of the data in the new breach matched previously known data related to the contact importer vulnerability problem that was fixed in August 2019, according to the Facebook spokesman.
While there are no dedicated tools available to check if Facebook information was included in the leak, users can check if their data was compromised through their email.
People can enter their email address on the website HaveIBeenPwned (HIBP), and the website will inform you if the email was involved in any data breaches. You can also sign up for notifications when the email is found in a new data breach.
The site was created by Troy Hunt “as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or ‘pwned’ in a data breach,” according to the HIBP website.
According to HIBP, only about 1 percent, or 2.5 million, of the records from this Facebook leak included email addresses. “The primary value of the data is the association of phone numbers to identities,” the HBIP website said.
There are no trusted websites currently to check if your phone number was included in a breach. The News Each Day is a website in which you can input your phone number to find out if it was part of the breach, but the site is not well known.
Hunt created a poll on Twitter Saturday to ask whether Facebook phone numbers should be searchable on the HBIP website.
Even if your email does not appear in the breach, it can be helpful to take steps to protect your online data from a future breach.
Cybersecurity expert and author of Future Crimes Marc Goodman told Newsweek the first step is choosing what you want to share with Facebook online.
“When you’re dealing with a company like Facebook, you have a lot of say in what information you share with them,” Goodman said. “And the more you share, the more that you should expect to leak.”
Additionally, people should update their app software.
“We’re constantly finding bugs in software,” he said. “And so every time you boot up your Apple or Android phone and they have a new release of the Facebook app, that’s a very nice way of saying we found security holes in the prior release for the Facebook app. So every time somebody tells you to update, you’re likely plugging security holes to do that.”
It is also essential to not only have a strong, unique password but also to not reuse those same passwords for multiple websites.
“Even if you have a strong password, using that strong password across multiple sites is incredibly stupid,” Goodman said. “If you’re using the same username and password across multiple sites, once any one of your accounts leaks, the bad guys automatically test those against numerous other sites.”
In addition, using tools like password managers and two-factor authentication (2FA) apps can be helpful in protecting your data.
Tools such as 1Password, Dashlane and Bitward can generate unique passwords and securely save them so you won’t forget how to log in to your online accounts.
Apps like Duo Mobile, Microsoft Authenticator or Google Authenticator will send a four-digit code to your phone or email before you log in, in order to secure accounts like your bank account or work email.
You can also set up 2FA directly on Facebook in the app’s privacy settings.
