From international corporations to local businesses, entrepreneurs across the country have embraced Facebook as an integral part of their online presence. Given a late-June CNN report that the social media platform now has more than 2 billion users, that makes sense. Unfortunately, cybercriminals also see it as an opportunity.
Last week, major news outlets like ABC, CNN, and NPR reported that 50 million accounts using Facebook’s new “View As” feature were compromised. While it’s not yet known how much information was directly accessed by the unnamed hackers, we asked Chris—one of our IT gurus—what people should do if they’ve been affected.
CHRIS: The last Facebook hack was a little unusual, because they did not experience a data breach per se. The hack exploited Facebook’s login service, which affects any service that has the ‘log in using your Facebook account’ feature. That means it affects your Facebook account and anything else linked to it.
RYAN: If your Facebook profile and any services you log into using Facebook—like, for example, Spotify—were affected, what should you do to secure those accounts?
CHRIS: First, change your password on all platforms that are connected to Facebook and implement two-factor authentication on those accounts. Be sure to do this for any other accounts that might have the same login and password.
RYAN: While we’re on the subject of using the same username and password for multiple accounts, the IRS Security Summit has been stressing the importance of using unique usernames and passwords for every online account.
If you use the same login information for your Facebook that you use for your tax-preparation software, then having your Facebook profile compromised means potentially handing identity thieves the keys to your tax-prep kingdom.
CHRIS: That’s absolutely right. And if your Facebook account was compromised, you will also want to let your friends and family know, just in case strange messages were being posted before you changed your password and activated two-factor authentication.
RYAN: Let’s assume I’ve wrestled my accounts back from the hackers by changing passwords and adding extra layers of security. What should I do next?
CHRIS: Monitor any account associated with the breached identity for strange activity, and notify the company immediately if you find something. Be on the lookout for any future social manipulation or phishing attacks using the stolen data, too.
RYAN: What should I do if the hackers managed to access sensitive financial information, like a bank account, credit card number, or even my Social Security Number?
CHRIS: If you think any financial data was compromised, contact the affiliated financial institution immediately and get new cards and accounts issued. You may even need to notify credit reporting bureaus and ask for a fraud alert or freeze on your name and monitor for identity fraud.
RYAN: Let’s assume I was lucky and this Facebook hack didn’t affect me whatsoever. What are some things I can do to better protect my online information?
CHRIS: I would not post any personal information on social media, such as full name, address, financial details, or anything that could be used for social manipulation or identity fraud—and do not use a single service for all logins. Instead, use an encrypted password manager to store each individual login.