Australians urged to check if they’re among 500 million hacked
More than half a billion Facebook accounts have had their personal information exposed, cybersecurity experts revealed over the weekend, with experts now urging Australian users to secure their accounts.
Facebook said the issue that caused the leak has been patched, but there’s no way for it to realistically recover and protect the leaked personal information, which includes email addresses, physical addresses and phone numbers.
Facebook also hasn’t provided a way for users to check if their data has been scraped.
Seven million Australian accounts are among those whose data has been compromised. However, there’s one easy way to find out - to some extent - if your information has been exposed.
A third-party website, haveibeenpwned.com.au, allows users to check if their email was involved in the data breach.
However, that’s not a foolproof solution: of the 553 million accounts exposed, only 2.5 million included emails. That means that even though users have around a 20 per cent chance of being involved in the breach, less than 1 per cent actually had their email included in the stolen data.
Security expert and HaveIBeenPwned creator Troy Hunt said the website is now considering whether to allow users to search for whether their mobile phone number has been exposed.
Should the FB phone numbers be searchable in @haveibeenpwned? I’m thinking through the pros and cons in terms of the value it adds to impacted people versus the risk presented if it’s used to help resolve numbers to identities (you’d still need the source data to do that).
— Troy Hunt (@troyhunt) April 4, 2021
Hunt said ultimately Facebook needs to provide the means for users to see if their data has been exposed, and to make a statement on how the massive leak occurred.
“The problem with this whole situation is that in a vacuum of information, people speculate,” he said on Twitter.
“Facebook needs to make a clear statement on the data that’s in broad circulation; when it happened, where it came from and what’s in it. Without that, confusion and speculation reign.”
Website The News Each Day has also released a tool which allows users to check if their phone number is involved. However, that site is not as well-established and only allows American users to check their phone numbers.
What do I do if my data has been breached?
If your data has been shared, it’s important to change your email password and set up two-factor authentication.
It’s also not a bad idea to use a password manager like LastPass. Password managers create long and difficult passwords, then store them for users.
Finally, check that your identity documents like passport and driver's licence haven’t been compromised.