Experts urge users to secure accounts and passwords after breach exposes personal details of more than 500 million people

Australians are being urged to secure their social media accounts after the details of more than 500 million global Facebook users were found online in a massive data breach.

The details published freely online included names, phone numbers, email addresses, account IDs and bios.

In a statement, Facebook said the leaked information was old, and came from a problem it had resolved in 2019, but experts told Guardian Australia the data could still cause problems for users caught up in the breach.

So what might hackers do with your info? How can you check if your data was leaked? And what can you do to protect yourself?

How your information could be used

Dr Andrew Quodling, a researcher in governance of social media platforms at the Queensland University of Technology, said that the data could be used to gain access to people’s Facebook accounts but also emails and accounts with other social media sites.

Once a hacker has your email, they can try to login into your accounts by pairing your email with simple passwords.

“People will take a sort of an easy run at simple hacks – try the top 100 most common passwords, and try to get in with brute force,” he said. “So anyone using the password 123 on that list would be in trouble.”

How to find out if your data was leaked

The quickest and easiest way to find out if your data has been leaked as part of a wider breach is to check on websites run by security researchers.Advertisementhttps://c488e380389038a9348be2733772ff24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

One of the most popular and effective of these sites is HaveIBeenPwned.com, a database maintained by security analyst Troy Hunt.

It only needs your email, which it cross-references with more than 10bn accounts that have been breached in the past to find if your details were leaked online.

It also has an option, for users to check if their password has been compromised.

Unfortunately, it does not yet track phone numbers, which were the most common user field in the recent Facebook leak.

What to do if your data was breached

In any data breach, it’s important to ensure identity documents, such as driver’s licence and passport details, haven’t been compromised. If they have, replace them immediately.

If your email address was exposed, change your password for that account, and set up two-factor authentication where possible.

To protect yourself in future, use a password manager – such as 1password, LastPass or Keeper. These are paid services which can generate long and difficult passwords for your accounts, and store them for you so you don’t have to remember them.

But Dr Quodling warns that there is only so much users can do to prevent their data being used, apart from just quitting the social media platforms altogether.

“You could be profoundly security conscious and secure, and still get caught out by insufficient security practices at other organisations you rely on,” he said.

“The challenge is always how much of a risk are you personally willing to take?”

… we have a small favour to ask. You’ve read more than 948 articles in the last year, making you one of our top readers globally. And you’re not alone; through these turbulent and challenging times, millions rely on the Guardian for independent journalism that stands for truth and integrity. Readers chose to support us financially more than 1.5 million times in 2020, joining existing supporters in 180 countries.

With your help, we will continue to provide high-impact reporting that can counter misinformation and offer an authoritative, trustworthy source of news for everyone. With no shareholders or billionaire owner, we set our own agenda and provide truth-seeking journalism that’s free from commercial and political influence. When it’s never mattered more, we can investigate and challenge without fear or favour.

Unlike many others, we have maintained our choice: to keep Guardian journalism open for all readers, regardless of where they live or what they can afford to pay. We do this because we believe in information equality, where everyone deserves to read accurate news and thoughtful analysis. Greater numbers of people are staying well-informed on world events, and being inspired to take meaningful action.

We aim to offer readers a comprehensive, international perspective on critical events shaping our world – from the Black Lives Matter movement, to the new American administration, Brexit, and the world’s slow emergence from a global pandemic. We are committed to upholding our reputation for urgent, powerful reporting on the climate emergency, and made the decision to reject advertising from fossil fuel companies, divest from the oil and gas industries, and set a course to achieve net zero emissions by 2030.

Source: https://www.theguardian.com/technology/2021/apr/05/facebook-data-leak-2021-breach-check-australia-users