So, the data of over half a billion Facebook users was leaked and recently found floating around the internet. No, I’m not talking about hidden hacker forums or the dark web. I’m talking about that massive treasure trove of identifiable user data being dumped on publicly accessible platforms. For FREE. And at one point, it was being sold on Telegram too. Now, the number of affected users stands at over 530 million. So, were you among the unlucky ones whose data was leaked?
Well, the chances of that happening are high. As per Statista, Facebook had roughly 2.8 billion monthly active users (MAU), around 65% of which are daily active users (DAU), a number that stands at a staggering 1.85 billion. Now, going by those figures, there’s over a 20% chance that your personal data was leaked. Yes, the leak happened due to a breach in 2019, and was fixed back then, as per Facebook, but the data can still be exploited. Not convinced yet?
Why should you be worried about the Facebook data breach?
I haven't used Facebook since 2016, yet my email address was leaked too!
How much of your Facebook profile has been updated since 2019? Have you updated your email address? Or changed the mobile number linked to your Facebook account? Likely not. And this is exactly why you should be concerned. But what’s even more worrying is that not just email addresses but mobile numbers were leaked as well, complete with country codes. And this leaves the door open for all sorts of trouble such as ad targeting, phishing, etc. So, how do you check if you were among the affected users whose data was leaked?
How to check if your Facebook data was leaked too?
Go to HaveIBeenPwned.com – a database created by Troy Hunt where you can check if your email address or mobile number was part of the leak. Here’s a step-by-step guide:
- Open your web browser, type haveibeenpwned.com in the URL/search bar and hit the enter/search button. You will be greeted by a screen that looks like this:
- In the text field, enter the email address linked to your Facebook account. Or, enter the mobile number with the appropriate country code.
- If your mobile number or email address was a part of the leaked dataset, you will see this ‘pwned’ message:
- In case your Facebook account was safe from the breach, you’ll see the following ‘no pwnage found’ message.
If you’re interested in knowing more about how the HaveIBeenPwned database works, you can find all the necessary details about what classifies as a breach, whether passwords are a part of it, and a lot more on this FAQ page. Additionally, if you would like to get notified about a security incident in which your email address was leaked and later added to the database, you can sign up for the NotifyMe tool here. Do keep in mind that you’ll have to confirm it once after you’ve received an email about the service.
What if your account data was leaked?
In that case, you should change the password of your Facebook account. You can do so by following this step-by-step guide. You should also go ahead and update the password of services where you used the same email for signing up. Also, enabling two-step authentication is the best idea. You can either rely on the SMS-based method for password verification, or even use a physical security key such as those offered by Yubico.
And just in case you’re wondering, a physical key works both on mobile as well as the web version on desktops. Going a step further, download a password manager app or sign up for a service like 1Password, LastPass, or Bitwarden to beef up the security and save you the hassle of remembering passwords too. And as a last piece of advice, use a complex password that cannot easily be guessed. Password123 is certainly not one of those complex passwords!