Half a billion of stolen Facebook data on the Internet. How to protect your privacy properly?

The Internet is a place of unlimited possibilities. People are spending more and more time behind a computer or mobile phone, what is not necessarily linked to the fact that most of the activities, both work and private, have moved to online space during the COVID-19 pandemic.

Today, the Internet is one of the most important tools for social interactions. Our life is directly connected with information technologies that we use for work, communication with friends, shopping, information gathering as well as for spending our free time like playing games or watching movies and series.

Entering the virtual world also involves sharing our privacy and providing our personal information. In order to register on social media platforms you are required to provide your e-mail address, first name, surname, date of birth and a phone number, while for shopping via e-shops you must also provide your address and possibly other personal information. On special-purpose platforms you are asked to provide where you work and what is your post.

Most of us go even further — we share photos, videos and opinions with our friends and also publicly, as well as what we do every day and where we are at the moment. Our digital identity is the electronic print of our physical identity.

However, unlike the physical world, the Internet has an advantage and a disadvantage at the same time — it remembers. On the Internet, information is almost eternal and often quite easily accessible. This can be proved by a recent release of more than 500 million data leaked from Facebook social media platform or by a data leak from half a billion LinkedIn accounts.

So, how to stay safe online with respect to the privacy? What to do to prevent attackers from obtaining our sensitive data or controlling our devices? How to behave when the data have already been leaked?

Your information is important

A mental setting like “Nobody cares about my information” is wrong. Attackers do not look at particular users during big data leaks. They want to obtain as much information as they can in one shot.

Even a relatively innocent data leak from a small website of the e-shop can cause a big problem. Each type of information on the Internet has its financial value, including personal data which are sold on the black market. The price depends on the amount and complexity of the information about an individual user.

We provide a wide range of information on various websites. For example, when placing an order in the e-shop with clothing we provide the permanent address, delivery address (which may be for example the address of the company where we work), e-mail and a phone number in addition to a name and a surname. When shopping frequently or repeatedly, users prefer to save payment details in the system of the e-shop operator.  

Most often, the attacker sells this information on the DarkWeb to other interested parties; for example personal information to sexual predators — in an era of social media platforms there is no problem to find a picture of the person according to their name or to find out their age.

Information on card details can be abused by attackers for purchases or can be sold to other interested parties.

In both cases, we lose a lot — in the first case, the privacy, in the second one, the money.

Data leaks have an extra dimension too. Information from leaks can be combined and compared. Attackers are able to piece together a comprehensive picture of the user’s data and behaviour from partial information and various sources.

Literally everything you provide on any website, social media platform or in application has its value. The more you go into your privacy, the more value it has for attackers.

The value of our information should not be underestimated. We do not like to share our privacy in the real world, why should we do it online? At home, we do not leave the door wide open either.

Think about what you are sharing

Nowadays, it seems that without the information required by various websites, applications or social media platforms, you are not able to use them fully.

On the one hand, using an example of the e-shop, it would probably be impossible to order goods from the e-shop without providing the address. But on the other hand, is it necessary to save payment card details in e-shops’ systems?

Regarding e. g. the social media platforms, it is a different situation. Social media platforms want a lot of information from you that they do not really need for their running and it is not an added value for you — from personal information such as place of residence, education and employment, through family relations and religious beliefs, to phone numbers and e-mails.

A set of data allows them to create a complete picture of you and your life. If we add the information that you share additionally, such as the holiday photos (do not forget that many photos have a location information), photos of your children, families and friends, places visited, current locations, opinions, comments, thoughts — the picture of your life is almost complete.

Nowadays, a number of social media platforms have implemented facial recognition tools. You may appear in photos about which you do not even know or you can inadvertently infringe on somebody’s privacy by tagging them.

In this way, we lose our privacy and provide a pretext for malicious activities to cybercriminals, and also we give the opportunity to companies to make money from using our data. For example, Facebook generates almost 98 percent of its revenue from selling advertising space based on detailed knowledge of you and your activities.

My data leaked. What to do now?

Users are able to control what they publish about themselves on the Internet and what information they provide. But what if a social media platform, website or an app does not protect your data and they leak.

If they are already “out”, you cannot do anything about it. The reason that your data have also leaked is because you provided them. And at that moment, you can only regret doing so.

In this situation, there are, however, several steps that you should take. Along with your data, also your login and password actually always leak. Most people use the same login, password or both of them on multiple services.

Therefore, it is necessary to change immediately these login credentials on every service where you use them. From now on, use a unique and complex password for every social media platform, app or website.

You can also completely deactivate your account. Data leaks pose a problem not only for big services, but also for small websites. If you do not use the service, cancel your account and thus avoid the problem in the future.

Although deactivation does not return your data, it will ensure that the attacker does not obtain further information, for example by logging in to your account. Keep in mind that deactivation of an account does not solve the problem of leaked login data; you have to change them anyway.

If you are one of the victims of data leakage, find out what other data have leaked in addition to your password, and act accordingly. Block credit cards and check if something unusual is happening with your accounts (not only the one that leaked, but also the accounts where you used the same password), such as attempts to log in from other devices, successful logins and activities that you did not create (writing statuses, sending messages…).

Check if the two-factor authentication is not disabled (for sure turn it on if not used before) or if there are no other changes in settings that you have not made.  

One of the consequences of leaked data is that the attackers will gain control over your accounts in various services. This type of problem must be dealt with a service provider. The service provider is the only one who is able to solve your problem and return your account under your control. Although you will be asked for a great deal of information to verify the legitimacy of your request, it is certainly worth cooperating with them.

« Späť na zoznam