WASHINGTON, DC – JULY 29: Facebook CEO Mark Zuckerberg testifies via video conference during a … [+]
It’s a fight for the ages.
The only problem? We defend ourselves with fly swatters.
Social media companies like Facebook are constantly collecting information about what we do online. That new pair of Reebok shoes that showed up on your feed? It is not a coincidence. The data gathered about your online activities is a treasure trove for advertisers and hackers.
We’re not just talking about cookies in Google Chrome that track your web visits. It is your email. Your address, telephone number and your date of birth.
This data is so readily available to anyone that it is almost weird. We might as well stand on a street corner handing out copies of our social security cards to people passing by, or holding up a sign with our bank account and routing number.
Recently, a security expert announced that in broad daylight there are 533 million Facebook records available (i.e. free) that are available from potential criminals for the cherry picking. The leak occurred back in 2019 and involved a sophisticated algorithm that could match a leaked phone number with other Facebook user data, including where you live.
For some leaks, like stolen passwords and other account information, you can usually protect yourself by resetting your logins. Think of this type of leak as someone stealing your credit card. You can always close the account and request a new card. You have some protection thanks to the credit card company itself.
Since this new leak is data released in the wild and contains sensitive personal information that is widely shared among thousands of hackers, there is not much you can do about it. It’s more than just passwords. In this case, it’s more like someone can impersonate you based on your date of birth and where you live (things that are hard to change), and the chances of identity theft are higher.
It’s all about the type of data available. Hackers often use social engineering tactics to impersonate people online. You could try registering for a new account with your bank using your email address and phone. They are armed with your city and state data to “prove” that you are. They’re remarkably convincing when it comes to calling tech support as well.
It’s also easier than ever to access this data without paying for it. With just a few clicks, criminals can impersonate you and break into a credit card website or hack your email with just a few clicks. (It doesn’t help that people still use their date of birth as a shared password.) Not only that, but Facebook itself doesn’t seem too motivated to track down the culprits. The leak occurred over two years ago and it has been circulating for so long that there are probably few breadcrumbs left to trace.
However, I mentioned that there is almost nothing we can do. A security strategy has to do with vigilance. Most of us pay little attention to our bank accounts and credit card statements, but keeping an eye on fraudulent charges is a smart strategy as it means you can start fighting them. Now is the time.
Another good tactic is to close additional accounts, including unneeded credit cards. As any military expert will tell you, in combat it is wise to target less. Reduce the number of accounts available for attack. Reduce how much personal information is out there in the first place.
It may feel like you’re poking holes in a chain-length fence, but the reality is that it’s smart to close extra accounts that you don’t use as it means one less attack vector for hackers. We know social media companies will stay here. We know the data is out there. The smartest approach is to at least look for ways to become a little less vulnerable.