Why Having a Facebook Account Might Result In Identity Theft

Facebook is no stranger to data breaches and privacy hacks. There have been a few data breaches to hit the top social media platform. 

Probably the most well-known issue was the Cambridge Analytica scandal, where 50 million Facebook profiles were illegally acquired and sold for use in the 2016 political campaign. Last September, Facebook was in the news again because of another data breach where 30 million users’ phone numbers and email addresses were stolen. This breach involved data tokens allowing cybercriminals to take control of user accounts. Along with phone numbers and emails, hackers got away with personal information such as gender, username, language, relationship status, religion, birthdate, device types used to access Facebook, current city of residence, current employment, education details, and even likes and follows as well as their most recent searches. Before this latest breach, another 50 million accounts were breached due to a vulnerability in the system and three bugs in the code. As a precautionary measure, Facebook reset 90 million passwords forcing users to reset them. 

When Did Facebook Data Breach Happen?

In April of 2019, there was another serious Facebook data breach, another in a line of data breaches going back a few years. This time, 540 million Facebook user records were stolen and publicly displayed on an Amazon cloud server. It was discovered by a security research firm that two Facebook app developers breached Facebook’s data center, took the records, and posted them publicly. One was a Mexican firm called Cultura Colectiva, and the other was an app called “At the Pool.” 

Cambridge Analytica Scandal

The Cambridge Analytica scandal centered on a new feature called Open Graph, which Facebook opened up to developers in April of 2010. This feature allowed apps to request user permission to access personal data such as name, gender, location, birthday, education, political preferences, relationship status, religious views, online chat status, and more. It also allowed access to the user’s private messages, and once permission was given, the app could then dig further into their friend’s data without asking their permission.

Then in 2013, Aleksandr Kogan, then with Global Science Research, developed an app called “this is your digital life.” It was basically a personality survey that asked questions to create a psychological profile for users. Apparently, 300,000 Facebook users took the survey. As a part of this research, the app harvested millions of user’s personal data. 

Then in 2014, Facebook changed its permission so that app developers could only gain access to the user’s data, not their friends, but it was not made retroactive. In 2015, all that data acquired by Cambridge Analytica was used for Ted Cruz’s presidential campaign. Reports in 2016 claim that Donald Trump also used the services of Cambridge Analytica and the stolen data to manipulate Facebook marketing campaigns. 

In March 2018, Whistleblower Christopher Wylie exposed the Cambridge Analytica scandal and delivered the details to The Guardian and The New York Times, both of which ran feature stories about the data breach. Soon after, the Federal Trade Commission (FTC) got involved and launched an investigation. Facebook founder Mark Zuckerberg was asked to testify and took out ads in both newspapers apologizing for the misuse of trust. The investigation led to fines by the FTC, and as a result, Facebook’s permissions and privacy settings were drastically updated, but it didn’t serve to keep the hackers out.

Check If You're a Victim of Facebook Data Breach

Amid so many facebook identity theft incidents, there is a good chance you may have been affected by at least one of them. After the September 2018 data breach, Facebook created a page where you can go to check if your data was included in the hack. Things like account names, user IDs, friend’s information, comments on posts, and even unprotected passwords were stolen, so it is a good idea to check.

The Steps of Recovery if Your Data Was Breached

If you find out that your data was breached on Facebook, the first thing you should do is change your account password. Since personal details have been breached and those identifiers can be used to steal your identity, you will also want to take other actions:

• Monitor your bank and credit card statements.

• Sign up for credit monitoring (IDStrong.com offers this service).

• Freeze your credit accounts so that no one can open any new accounts without your permission. 

• Change your logins and use very strong passwords.

Can My Facebook Information be Used for Fraud?

Cybercriminals use your personal information to steal your identity and sometimes to try and hack into your computer and take control of it so they can demand ransom money, which is a form of identity theft. Details like your date of birth and home address can be enough for them to find your social security number on the dark web, and then they have all they need to open accounts in your name or obtain a passport or driver’s license. You cannot be careful when it comes to protecting your information. Sites like Facebook are a breeding ground for hackers. Share as little as you can in terms of private details on social media websites. 

Although you can’t stop a data breach on Facebook, you can protect yourself. Follow the steps below to protect your accounts and your personal details:

• Don’t share your account logins with anyone.

• Always keep your antivirus software updated and run scans often.

• Don’t accept friend requests from people you do not know.

• Never click a link or open an attachment sent to you in an email you receive from a stranger, even if they look like they are from Facebook, they may be phishing emails.

• Sign up for two-factor authentication so your Facebook login will be more secure.