WASHINGTON, DC - JULY 29: Facebook CEO Mark Zuckerberg testifies via video conference during an ... [+]
It’s a battle for the ages.
The only problem? We’re defending ourselves with fly swatters.
Social media companies like Facebook are constantly collecting information about what we do online. That new pair of Reebok shoes that popped up in your feed? It’s no coincidence. The data being mined about your online activity is a treasure trove for advertisers and hackers alike.
We’re not talking about mere cookies in Google Chrome that track your web visits. It’s your email. Your address, phone number, and birth date.
This data is so readily available to anyone it’s almost comical. We might as well stand on a street corner and hand out copies of our social security card to people passing by or hold up a sign with our banking account and routing number on full display.
Recently, a security expert revealed that 533 million Facebook records are available in broad daylight (meaning: for free), available for cherry picking by would-be criminals. The leak occurred way back in 2019 and involved a sophisticated algorithm that was able to match up a leaked phone number with other Facebook user data, including where you live.
With some leaks, such as stolen passwords and other account information, you can typically protect yourself by resetting your logins. Think of that type of leak as someone stealing your credit card. You can always close the account and request a new card. You have some protection thanks to the credit card company itself.
Because this new leak involves data that is out in the wild and contains sensitive personal information circulating widely among thousands of hackers, there’s not much you can do about it. It’s more than just passwords. In this case, it’s more like someone could impersonate you because of your birthdate and where you live (things that are difficult to change), and the possibility for identity theft is higher.
It's all about the type of data available. Hackers often use social engineering tactics to impersonate people online. They might try to register for a new account at your bank using your email and phone, armed with your city and state data to “prove” it’s you. They are remarkably persuasive when it comes to calling a tech support line as well.
It’s also easier than ever to access this data without paying for it. With a few clicks, criminals can start impersonating you and break into a credit card site or hack your email with a few clicks. (It doesn’t help that people still use their birthdate as a common password.) Not only that, but Facebook itself doesn’t seem too motivated to track down the culprits. The leak occurred over two years ago, and it’s been circulating for so long there are likely few breadcrumbs left to trace.
I mentioned there is almost nothing we can do, however. One security strategy has to do with vigilance. Most of us barely pay attention to our bank accounts and credit card statements, but keeping an eye on fraudulent charges is a wise strategy because it means you can start fighting it. Now is the time.
Another good tactic is to start closing down extra accounts, including any credit cards you don’t need. As any military expert will tell you, in combat, it’s smart to make yourself less of a target. Decrease the number of accounts available for attack. Reduce how much personal information is even out there.
It might feel like you are plugging holes in a chain-length fence, but the reality is that it is smart to close down any extra accounts you don’t use because that means one less attack vector for hackers. We know social media companies are here to stay. We know the data is out there. The smartest approach is to at least look for ways to become a little less vulnerable.
