Aaron Yates

Facebook’s data breach: what you need to know


On April 3rd, it was revealed that records relating to 533 million Facebook users had been released on a hacking forum.


Facebook has acknowledged the breach, stating that the data was extracted in 2019 and that the security vulnerability had been closed.



It is estimated that 13 million British user accounts are contained in the set. Private details of these users include their full names, locations, dates of birth and - in some cases - their email addresses.


Are you affected?


It’s a very good idea to check whether your data may have been exposed using the tool at: https://haveibeenpwned.com/. Simply enter your email address or telephone number in the search field provided.


This tool will let you know whether your data has been exposed, both in this and in other breaches. It is not exhaustive, but it is useful for monitoring if you value your online privacy and safety.


Some data breaches result in passwords being disclosed, and this can be a real problem as many people reuse the same password across different services. This is similar to having one key that can open your front door, your car and your safe. Losing the key once means that all services are vulnerable.


If your password may have been disclosed in any breach, you should change it immediately. Always use different passwords on different services, ensuring they are complex. Consider using password management software, and always enable two-factor authentication where it is offered, even on your personal accounts.


What is likely to happen now


For criminals, this trove of information from Facebook is highly valuable. Affected individuals are likely to experience an ongoing increase in dangerous scam emails.


As an example, emails will likely be sent claiming to represent a law firm (either fictitious, or a fraudulent use of a recognised brand) undertaking a class action against Facebook on a no-win no-fee basis; an attractive proposition. Individuals will be asked to complete a form revealing more personal data. This additional information will again be sold many times for use in further scams, increasing the number of scams targeted at you.


Scams and phishing emails take many different forms. In most cases, these emails either entice you to disclose further information or attempt to spread malicious software (also known as malware) to your computer. In nearly all cases, the criminals are trying to find a way to extract money from you.


Protect yourself


Offers that appear too good to be true often are. It is likely that you are not the beneficiary of an unknown millionaire’s estate, nor are you the lucky recipient of a £500 supermarket gift card.


The most effective scams are enticing or believable. Fear and gain are powerfully emotive and are very effective at encouraging targets to act against their better judgement and so become victims.


Always be wary of emails or telephone calls from unknown parties. Minimise the amount of private information you share online, as each data point can be used to manipulate you.


If in doubt, always delete the email or terminate the phone call. Never disclose your bank or payment card details or make transfers requested by unknown entities.


Further guidance is available from the National Cyber Security Centre:


https://www.ncsc.gov.uk/guidance/suspicious-email-actions