A data breach of Facebook information that is more than 2 years old is back in the news, and in terms of data breaches, this one is pretty bad. The Facebook information was taken by hackers two years ago and includes phone numbers, names, birthdates, gender, Facebook ID, and location of over 32 million Facebook users in the United States alone. Facebook CEO Mark Zuckerberg's information was included in the breach.
The data has been for sale on the dark web for a while now, but over the weekend someone posted the information for free to a hacker forum, which means the information is now in the hands of hackers all over the world.
The post was discovered by the website www.bleepingcomputer.com.
Why is this breach so much worse than others? It groups some of the most important information hackers use to contact people or steal identities. Facebook requires users to link a phone number to their account, and a phone number associated with a name is one of the hardest things for hackers to get. While people can change email addresses, no one changes phone numbers.
Although Facebook says the flaw that caused the data leak was repaired after being discovered, the personal information of those Facebook users is most likely still valid. Hackers can use the information in a number of ways, the very least of which is contacting you by phone and addressing you by name. That might well lead someone to believe what the cyber-criminal is saying.
They could also do what's called a SIM swap. They contact your carrier, give your number, and claim to have lost their phone. If the wireless carrier moves the number to the hacker's phone, the hacker could intercept any calls, texts, or 2-factor authentication codes for credit card or bank accounts. Serious stuff.
So what should you do at this point? Go to the website Have I Been Pwned (haveibeenpwned.com) to see if your email address has been compromised. If you don't see it, that doesn't mean your Facebook information wasn't included in the leak, but you will be able to see any data breaches that compromised your email address. It's a good place to start.
Pay close attention to any billing statements to make sure there isn't something you don't recognize. Change your passwords. While that isn't going to remedy the situation if your information has been stolen, it will prevent cyber-criminals from using the password to try and access your other accounts.
Be aware that you could get phone calls from scammers asking for you by name. Remember, no bank, government or other official agency contacts people by phone.
About 20% of Facebook users in the United States had their Facebook information stolen, so it's ONLY a 2-in-10 chance yours was included. Still, err on the side of caution and assume the bad guys have your personal information.