On 4th April 2021, another data breach was announced, one that occurred back in August 2019. This time it was Facebook: over 500 million users now have their phone numbers publicly available, along with a mixture of names, gender, email addresses, dates of birth, location, relationship status and employer details. What can you do now?
As a business owner:
Have you signed up to a free service like https://haveibeenpwned.com and completed a check on all your organisation’s email accounts, called a Domain Search?
If user details appear, it may be prudent to force a password change on those accounts. Although it doesn’t look like this breach involved passwords, affected users may also be subject to other breaches where passwords have been compromised. Using a technique called credential stuffing, data from other breaches can be merged to allow unauthorised access to accounts where the user has used the same password across multiple accounts.
Are your systems configured to prevent a user from using breached passwords? There is a solution that stops users selecting a new password if it's already on a breached list.
Have you activated 2-factor authentication on your organisation's email accounts? Even with the correct password, access from a fresh device won't be granted without a code.
Have you provided any security awareness training for your staff? Staff who have had input on the signs and symptoms of phishing emails and smishing scam text messages, and who know how to respond, will make your first and last line of defence safer.
As an individual:
Are you registered with a free service like https://haveibeenpwned.com and completed a check on all your email accounts?
Have you turned on 2-factor authentication on your email account?
All users affected by this data breach will likely be the subject of future email and text scams.
We can help start that journey to make you safer. Head to www.secrc.co.uk/membership.