How to Protect Your Information After Google+ and Facebook Data Breaches
Facebook last month announced that it was hacked and that up to 50 million user accounts were potentially compromised. Although Facebook has since revised that down to 30 million users that were affected, the company has also revealed that the breach was worse than first announced when it couldn’t say whether the hackers misused any accounts or if they accessed any user’s account information.
Moreover, the once-wannabe social media challenger to Facebook, Google+, announced that it hid for over six months knowledge of a bug that exposed personal details of up to a half-million accounts.
Both social media platforms have access to a lot of personal data about their users, so make sure to take steps to protect your personal and private information as Google+ prepares to shut down and Facebook lives on.
Google+ data breach
Google announced in early October that it found a bug in its social networking platform, Google+. The Wall Street Journal said Google discovered and patched the bug in March, but it, “exposed the private data” of about 500,000 users. Google “then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage.”
Online publication Data Breach Today said Google didn’t disclose where the affected users are located and didn’t notify users when it first discovered the data breach because, “internal review found that it would not be able to identify which users to inform, and also concluded that there was no ‘evidence of misuse’ or actions that developers or users might take.”
Facebook data breach
News of Facebook’s recent data breach was reported extensively last month and was included on Nuvision’s blog covering fraud, data protection and cybersecurity. At the time, it was unclear if anyone’s personal information was compromised. However, Facebook since revealed that 30 million accounts were affected (20 million less than the original estimate), but that hackers did gain access to personal information.
According to TechnologyReview.com, up to 14 million breached accounts, “had details such as their religion, birthplace, and place of work exposed.” The other 16 million accounts “suffered no data loss or had only their e-mail and/or other contact details stolen.”
Consumer Reports said the stolen personal data might be more valuable than financial information or your Social Security number. “[T]his breach delivered that data directly, giving hackers a head start for potential identity theft crimes.” In addition, “Criminals could also use such data to build robust bios that become powerful weapons in phishing scams.”
How do you know if your account was compromised?
With such a relatively small number of Google+ accounts involved in the data breach, it’s unlikely that your account was involved. However, if you have a Google+ account, you might want to consider simply deleting your account anyway.
Google+ was supposed to be Google’s answer to Facebook when it launched in 2011. It never gained traction and was labeled a failure as early as 2015 by media analysts. Moreover, a Google blog post published October 8, 2018 confirmed that fact: “The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.”
Almost immediately after Google announced the data breach, it announced that it will shut down the consumer version of Google+ by August 2019. (Google said will continue to operate an enterprise version of Google+ for companies.) Since not many people are using it and since it won’t be around much longer anyway, deleting your Google+ account might be your best option.
If you choose to go that route, CNET explains the steps to delete Google+:
- First, download your data
- Delete your Google+ profile
- If you have the Google+ Android app, disable or delete it
- How do I restore my deleted Google+ profile?
Facebook is another story
Facebook doesn’t appear to be going away anytime soon. If you are among the 2 billion users who use it to stay connected with friends and family, share pictures, document vacations, or follow your favorite credit union on social media, deleting your account is probably not an option you want to consider.
So, how do you know if the data breach compromised your account?
- Visit https://www.facebook.com/help/securitynotice?ref=sec and make sure you are logged in to your account.
In addition, TechnologyReview.com says the company will contact anyone who may have lost data and will offer advice regarding suspicious e-mails.
What to do next
Cybersecurity experts offer varying suggestions on the best way to protect your account and your information.
The Federal Trade Commission offered two pieces of advice about the Facebook data breach:
- Watch out for imposter scams; and
- Consider changing your password.
Fast Company wrote about 4 simple steps to stay safer right now. They include:
- Use secure passwords and a trusted password manager;
- Check your Facebook settings and posts;
- Enable two-factor authentication and notifications; and
- Watch for phishing scams.
Nuvision also offered similar suggestions, such as:
- Seven considerations before giving a company your personal information;
- Create a strong, unique and readily-accessible password; and
- Monitor your accounts.
On the other hand, CNET wrote that after Facebook's hack, there's a lot of useless post-breach advice.
For example, CNET said there is no need to change your Facebook password because passwords weren’t stolen. “The attackers took access tokens, which are digital keys granted to users after the first login so they won't need a password for future sessions.” Facebook reset the access tokens for all affected accounts. You might have noticed that if you had to re-log in after the data breach was announced.
That’s true. The article’s main criticism is that changing your password now or following the other suggestions won’t protect your account from any data that has already been stolen. However, CNET points out that taking precautions (such as those covered on Nuvision’s fraud protection blog) can help protect against new hacks, just not those that have already happened.
Which is why it is important to take some time now to safeguard your mobile phone, your tablet, your PCs, your laptops and your accounts. It’s not complicated and is well worth the small investment of time. After all, would you rather take a few minutes a couple times a month to stay on top of the latest fraud prevention tips and suggestions, or spend hours over weeks or months to fight identity theft, repair your credit, or recover lost funds?
Stay on top of fraud trends and news
Nuvision is your credit union resource for alerts, news, and information about fraud, identity theft, financial and data protection, and cybersecurity. Learn about fraud protection and follow Nuvision on Facebook and Twitter to receive updates when new articles are published.