Facebook Announces Data Breach

Security Update: Facebook Data Breach

As you may have read in the news, Facebook has announced it was breached in 2019 and the personal records of over 500 million Facebook users were obtained by cyber criminals. Those 500 million records were recently publicly released so now anyone in the world could have access to them. 

If you had a Facebook account on or before 2019, your data may have been included in that breach and public release. Examples of your information that could have been released include your name, home address, phone number, email address, birth date or any other information you provided to Facebook. One way to check and see if your information was released is to visit the trusted site haveibeenpwned.com, maintained by security researcher Troy Hunt, and submit the email address and/or phone number you used for your Facebook account.

How to Protect Your Data

If you are concerned your data was obtained and released, here are several steps you can take to help protect yourself:

  • Change your password that you use for your Facebook account. This password should be strong (we recommend a passphrase) and different from any other password you use for any other account. In fact, all of your accounts should be using a unique password. Can’t remember all your passwords? Neither can we, that is why we recommend you use a Password Manager to securely store them.
  • Enable two-factor authentication. We highly recommend you enable two-factor authentication (often called 2FA, MFA or two-step verification) on your Facebook and all other accounts, especially for your personal email account and any financial or retirement accounts.
  • Take care in sharing your information. Protect your privacy by being very careful what information you share with any websites. Always assume any website you have an account on can be hacked and your data stolen, or your information will be sold or shared with other companies.
  • Realize that you can do only so much to protect your data. Because so many other companies and organizations collect, share and sell your data, you have to assume that cyber criminals can already know a great deal about you. This means they can use your personal information to trick or fool you into making a mistake, using a technique called Social Engineering. Just because someone calls you and knows your birth date does not prove they are from your bank or the government. Just because someone emails you with your phone number or home address does not mean they are really Amazon, Apple or Microsoft. Be very careful and suspicious of emails or phone calls asking you to share personal information (such as your password, bank account or credit card) or pressuring you to take actions that seem odd or suspicious (such as paying a fine).

To learn more about how to stay safe online, review the University's resources for Practicing Safe Computing. Not sure about an email or have any security questions? Email [email protected].