The recent incident of personal data being leaked from Facebook’s servers is just one more demonstration that even the best cloud services are not flawless. Therefore, every user should have a plan of action in case of a crash.
If you’re still unaware of the news, just before the weekend, the Facebook security team admitted that due to an error in the Facebook code, contact details of 6 million users were made accessible to unauthorized persons. More specifically, if a person went to download an archive of their Facebook account through the Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers of their contacts or people with whom they have some connection. To prevent further damage, Facebook temporarily blocked the DYI tool. But once leaked, your data is public forever.
If your data has been downloaded by someone, Facebook will send a notification letter to you. The company does not answer the question “who specifically has downloaded my data”, but specifies the number of such persons, which is typically only one or two. Because of the limited size of this leak, it’s not likely that this data will be used for identity theft or other dangerous activities. However, you should still stay vigilant and pay attention to any unexpected letters or calls involving your leaked emails/numbers.
Cybercriminals often use such occasions to send out phishing letters, so be careful while reading and clicking any links. The Facebook letter only has one link to the Facebook site (https://www.facebook.com/security/notes) and contains this text:
You don’t need to type in any credentials, including your password, on this page.
To minimize damage caused to you by this and similar leaks, follow these rules when signing up for any cloud service:
- Use a trusted e-mail address to receive notifications from social networks. You’ll need a separate email to communicate with your colleagues and friends and another highly secure account to receive letters from your bank and other important institutions.
- Consider having a separate cell phone number for important information.
- Use unique and complicated passwords for every web service you use. You can use Kaspersky PURE to manage your passwords.
- There is always a possibility of error. If you made some post or photo “friend only” or even “private,” it doesn’t guarantee that no one will ever see it. It is best to share sensitive items in person, or by means of direct communication.
- If you store data in the cloud only for yourself, consider encrypting it.