Published 7:07 PM EDT Oct 12, 2018
Were you one of the 30 million Facebook users who just got a heads up that your data was compromised? If you haven't heard from Facebook yet, it doesn't necessarily mean you're in the clear. You still might want to check the Help Center to see if your info has been hit.
So just to back up a bit, on Friday, Facebook revealed that, hey, instead of the original number of 50 million, it was actually 20 million fewer. OK, that sounds better, right? Except that private personal information is now very much in peril.
As a quick refresh: On Sept. 25, Facebook discovered a vulnerability that would let hackers get your phone number and email address, and for about 14 million people even more personal information like recent searches on the social network, your location history, religion and relationship status and the types of devices you use to access the service. In other words, more details about who you are, where you go, what you're interested in and what you use.
Now Facebook says it doesn’t know if the attackers will exploit any of the information they have accessed – its investigation is ongoing – but the data could allow the hackers or third parties to create and spread spam on Facebook or off.
And here's one big concern: Identity theft is a genuine risk, too.
How paranoid should you be?
By having a general sense of where you are and what you like, the bad guys can “use that to their advantage when doing things like open new accounts, sign up for services, look more like you ultimately,” says Al Pascual, senior vice president for research and head of fraud and security at Javelin Strategy & Research.
Pascual believes, though, that the larger risk comes with “phishing,” in which scammers masquerading as real financial institutions or other companies send emails and messages with sweet offers based on your interests to get you to unwittingly surrender more personal details.
That means, of course, keeping your guard up, especially if the communications you are receiving are unsolicited.
“You just need to be more skeptical, which you should already be anyway,” Pascual says. Do not open documents from unfamiliar businesses. But also be wary if you get a come-on from a company you do know but weren’t anticipating hearing from, “even if it looks like something you care about. That’s what criminals are playing on.”
You can always manually visit a site to verify a deal, but never, ever click on a suspect link. Repeat: Do not click the link that came to you in that email that just landed.
Treat emails and messages that purport to come from Facebook with equal suspicion, and check with the company if you’re not sure. Go with your gut: If something smells fishy, it probably is.
Common sense safeguards
You should practice common sense security anyway, even if such best practices may not help if you’ve been victimized by the Facebook breach. You hear it all the time, but don’t use the same passwords at each place, and don’t play into a criminal’s hands by making those passwords easy to sniff out.
“People are very, very bad about following good password hygiene,” Pascual says.
Example: It is not that hard to find the name of your pet, especially if you post pictures of her on social media. So don’t use Fluffy as your password.
You can also greatly reduce your risk by using a password manager such as Dashlane, 1Password or LastPass, essentially vaults for complex and unique passwords that can automatically fill in passwords when you visit a financial or other website.
Another recommendation is to be careful accessing free public Wi-Fi. If possible, use a reputable VPN, or virtual private network, when communicating with your employer. And tapping into a public network isn't exactly the best time to do your online banking.
“We’ve been trained to take advantage of free Wi-Fi everywhere that we no longer even think about whether or not that stuff is safe,” Pascual says.
Meantime, if you know you’re one of the accounts exposed by Facebook, or are scared off because of it, another viable option is a service such as LifeLock or IdentityForce, which may help prevent identity theft before it happens, alert you if there might be an issue, or assist you in retrieving an identity that is stolen.
Of course, the very nature of a social network such as Facebook is that we reveal tons of information about ourselves on purpose: where we went to school, where we went on vacation, what our politics are or the sports teams that we root for.
Facebook deserves all the criticism it is getting for what some might deem security negligence. But in many cases, you’ll find the biggest leakers of privacy by looking at the selfie you just posted.
Is it time to call it quits on the social network? Share your thoughts in the comments, email or on Twitter with @edbaig.
Contributing: Jessica Guynn, Janna Herron