In recent weeks, there have been many notable news items headlining social media platforms and their data security/availability of user data.
The BBC reported that details of more than 530 million people were leaked by Facebook, following a data breach in 2019.
The leaked database has been found published on a hacking forum, making it free and widely available. The Facebook data largely consists of user’s mobile numbers, but email addresses have also been found to be available.
Another recent article published by Hot for Security outlined that data aggregated from LinkedIn is available for sale. About half a billion user’s data records are up for sale on an underground forum. The types of data included are full names, email addresses, phone numbers, gender, professional titles, job-related descriptions, profile and social media profile links – so quite a lot!
This data, however, wasn’t gained in a data breach. LinkedIn states that this information was gleaned by various means including web-scraping techniques, which clearly violate the platform’s terms of services.
Whilst no financial data has been included either of the above leaked information reports, it still has value in the right hands. Information can be used by cyber criminals in social engineering, phishing or smishing attacks.
So how do you protect yourself from potential attacks?
You can do a few things but here’s some top-level ones you might consider.
- Enable two-factor authentication on your online accounts so if anyone does try to hack your accounts, you will be alerted of the attempt.
- Keep an eye out for unsolicited and suspicious email, text or LinkedIn chat conversations.
- Also keep an eye out for phishing emails. Don’t click on suspicious links you might receive in your Inbox. Head to the official website and look for notifications.
If you are concerned about what information may have been leaked about you online, there are a number of tools you can use. For example, ‘Have I Been Pwned’ is a free online tool that checks if your email address, passwords or number has been compromised. If you do find something here then it is likely we can source the actual password stolen/leaked for you to take corrective action if you reuse passwords this is extremely important.
Alternatively, get in touch with us and we can conduct a dark web scan which checks databases for leaked information based on your domain.