Breaking News

Hackers stole millions of Facebook users’ personal data — here’s why you should be worried

Mark Zuckerberg, CEO of Facebook, which revealed Friday that a hacking attack compromised the personal data of millions of its users.

  • Some 30 million Facebook users were victims of the hacking attack it revealed recently.
  • That attack exposed the personal information of many users, including their names, phone numbers, birth dates, and more.
  • That kind of information could be used for identity theft and to compromise users' financial and other accounts, security and privacy experts say.
  • The exposure of that data can also pose particular and obvious dangers to people who are trying to keep a low profile, such as victims of domestic violence.
If you're one of the victims of the recently revealed hack of Facebook, you should be extra careful on the internet — and extra watchful of your other online and offline accounts.
The data hackers gleaned from the social network could be used for identity theft, and to access accounts ranging from those at banks and other financial institutions to online stores. It also could be used in so-called spear phishing attacks, in which hackers use the information they know about particular users to send them personalized messages that convince them to leak their passwords or other critical data.
"Given the scale of this — which was really surprising — and how much information was scraped … people can be legitimately concerned," said Justin Brookman, director of privacy and technology policy at Consumers Union, the publisher of Consumer Reports.
Some 30 million accounts were compromised in the attack, which Facebook first announced two weeks ago. The hackers were able to gain access to names and phones numbers of nearly all of those users as well as personal details such as birth dates, relationship status, gender, and education and work histories for 14 million of them.
The exposure of those kinds of personal details can be particularly dangerous to people who are trying keep a low profile, such as those who have been the victims of domestic abuse or protestors worried about reprisals from their governments. It can also create problems for people who were trying to keep certain parts of their lives private from the wider world, such as their sexual orientation or their religious affiliations.

The data from Facebook could be used to access bank accounts

But it can be risky to everyday users as well. That's because in the hands of malicious actors, this data can be used to hijack accounts on other services besides Facebook.
The password reset feature on many sites asks users to answer certain security questions. Those questions often ask for just the kind of personal details that were revealed in the Facebook hack, Brookman said.
But it's not just online accounts that are at risk. Information such as names and birth dates can also be used to gain access to banking accounts or medical records over the phone, said John Simpson, director of privacy and technology at Consumer Watchdog, a consumer advocacy group. That kind of information "can be tremendously empowering" to hackers, he said.
"They can take that information and definitely parlay it into information that can scam the individual," he said. "Potentially, there's some real damage that can be done to people."
Even the leak of just a phone number can pose a risk. To protect their accounts on various websites, many users have been turning on two-factor authentication, a security technique that often requires users when logging into their accounts to enter a special code in addition to their passwords. Many sites send that code via the SMS text messaging system to users' cell phones.
Security researchers have known for years, though, that the SMS system is vulnerable to hacking attacks. By knowing a user's phone number, a malicious actor could potentially intercept the two-factor authentication code and use it to gain control of the user's account.

No comments