Facebook Data Leak
A data leak involving the personal data of hundreds of millions of Facebook users, which is also believed to include the personal data of over 100,00 Maltese users, is currently being investigated by the Irish Data Protection Commission, which is the EU lead supervisory authority responsible for Facebook.
The users’ personal data, particularly email addresses and mobile phone numbers, may be used by attackers for various unlawful purposes, such as unsolicited communication and identity theft. The Commissioner specifically warns about the risk of ‘SIM swapping’, an attack technique in which the legitimate owner’s phone number is used to break into online services that rely precisely on one’s phone number for authentication purposes, and of ‘smishing’, a cyberattack that uses deceptive text messages to lure victims into clicking on malicious links in order to steal more personal data from them.
The Commissioner is issuing general advice and encourages users to implement additional security measures, namely:
- change your password as soon as possible, especially if you suspect that you have been affected by the breach;
- check your “Security and Login” dashboard on Facebook to verify where you’re logged in, and deactivate any unknown device;
- choose to receive alerts in case of unauthorised logins;
- use a multi-factor authentication application for securing your email and Facebook account;
- remove the phone-based second authentication factor after setting up your multi-factor authentication application;
- familiarise yourself with the most common Facebook scams, such as dodgy apps, quizzes that promise gifts, hidden content, etc.;
- use unique strong passwords and avoid using personal data such as name, surname, date of birth, address and phone number; and
- use a password manager to generate and save long and strong passwords, which should keep your information protected from attacks or snooping.
The Commissioner strongly urges all the exposed users to remain vigilant over the coming weeks, particularly to watch out for any irregular activity on mobile devices and emails or any unusual requests by means of email or telephone calls.
In the event that users notice irregular activity on their mobile devices or email accounts, for instance a loss of network signal in places where the signal strength is usually full, the Commissioner advises users to contact their relevant network carrier or the law enforcement authorities.