Another day, another data breach. Here’s how to see if you’ve been exposed
Use a password manager and two-factor authentication, and stay on guard against phishing attacks if your information gets publicly revealed.
In early April, security experts made public the details of yet another Facebook data breach, this one affecting over half a billion users. As originally reported by Business Insider ( go. pcworld.com/533m), in this incident personal information on 533 million Facebook users spanning 106 countries surfaced in a hacking forum, with records including email addresses, phone numbers, full names, locations, birthdays, and relationship statuses. This data traces back to a vulnerability fixed by Facebook in 2019, which allowed the scraping of profiles.
If that data set includes you, you’ll want to protect yourself in the future. The first step is to check whether you’re part of the breach. One of the best known sites tracking major data breaches is Have I Been Pwned ( haveibeenpwned.com), which has the trust of many security experts and government agencies across the globe. Its premise is simple: You enter your email address into its lookup tool to find out which breaches you’ve been in and the extent of the info leaked.
For this latest Facebook breach, site owner Troy Hunt added the ability to search by phone number as well, which was previously an unsupported feature. (Having trouble getting it to work? Read these detailed instructions [ go.pcworld.com/dins] on Hunt’s blog.) Try both your email address and your phone number when performing a search—the type of information divulged by the breach varies for each profile. Checking your info through Have I Been Pwned will also reveal any other breaches you’ve been exposed in.
If you find that you are a part of this data dump (or others), your next steps should be to change any duplicate or weak passwords. You can easily manage unique, strong passwords using a password manager ( go.pcworld.com/ bsmn) like Lastpass ( go.pcworld.com/1pss) or Bitwarden ( go.pcworld.com/bwrd). Consider adding two-factor authentication ( go.pcworld. com/tfct) to accounts and taking further steps like creating a separate email address for password recovery ( go.pcworld.com/spem), too. Finally, be on guard for any phishing attempts using this personal information attempting to gain your trust.