Australians are being urged to secure their social media accounts after the details of more than 500 million global Facebook users were leaked online in a massive data breach.
Details posted freely on the internet included names, phone numbers, email addresses, account IDs and bios.
In a statement, Facebook said the leaked information was outdated and came from a problem that was resolved in 2019, but experts told Guardian Australia that the data could still cause problems for users caught up in the breach.
What could hackers do with your information? How can you check if your data has been leaked? And what can you do to protect yourself?
How your information could be used
Dr. Andrew Quodling, a researcher in social media platform governance at Queensland University of Technology, said the data could be used to access people’s Facebook accounts, as well as emails and accounts with other social media sites.
Once a hacker has your email address, they can try to log in to your accounts by pairing it with simple passwords.
“People will make it easy to execute in simple hacks – try the 100 most common passwords and try to crack them down,” he said. “So anyone using password 123 on this list will have a problem.”
How to find out if your data has been leaked
The quickest and easiest way to find out if your data has been leaked as part of a wider breach is to check on sites run by security researchers.
One of the most popular and effective of these sites is HaveIBeenPwned.com, a database maintained by security analyst Troy Hunt.
All you need to do is enter your email address, which is checked against more than 10 billion accounts that have been compromised in the past, to find out if your data has been leaked online.
It also has an option for users to check if their password has been breached.
Unfortunately, it does not yet track phone numbers, which were the most common type of user data in the recent Facebook leak.
What to do if your data has been compromised
In any data breach, it is important to check whether identity documents, such as driver’s licence and passport details, have been exposed. If they have, replace them immediately.
If your email address was exposed, change your password for this account and set up two-factor authentication where possible.
To protect yourself in the future, use a password manager – such as 1Password, LastPass or Keeper. These are paid services that can generate long, hard-to-guess passwords for your accounts and save them so you don’t have to remember them.
But Dr Quodling warns that there is only so much users can do to prevent their data from being used, short of giving up social media platforms altogether.
“You could be deeply aware and safe about security and continue to be caught up in inadequate security practices in other organizations you rely on,” he said.
“The challenge is always how much risk are you personally willing to take?”