![]() Maybe tell your bank that you were born in Green Bay (where your favorite team plays) rather than Sarasota, where you were actually born.īrookman adds that an attack like this this should encourage consumers to adopt security best practices such as two-factor authentication, strong, unique passphrases, and credit freezes.įinally, be skeptical of unexpected queries, even if they sound legit. “Don’t put anything on Facebook that you wouldn’t want public,” Guido, of Trail of Bits, says.Īnd when answering those pesky account security questions, you can give an answer that’s not quite accurate but remains easy for you to remember. Who’s to know (besides you and a few close friends) if you substitute the date of your anniversary-or the publication date of the novel "1984"-for your birthday? The dozens of acquaintances who offer you birthday wishes every year will be none the wiser. When you’re setting up an account, you don’t have to tell the whole truth. One important step is to simply, well, lie. ![]() “Just because Facebook wants your hometown, your gender, and your birthdate, you don’t have to give it to them,” the World Privacy Forum's Dixon says. More broadly, this is a good time to rethink what you post on social media. "It's definitely worthwhile to see what information of yours was accessed as a result of this breach by following this Facebook link," CR's Brookman says. “Once it gets out of the bottle, it’s extremely difficult-if not impossible-to get it back in.” “Digital data is like a genie in a bottle,” Oppenheim says. ![]() You can even get a new Social Security number if your first one is stolen.īut the telling details on your Facebook account-your birthdate, where you were born, your first pet’s name-that is forever. You can-and should-change passwords after a breach. In the end, personally identifiable data will endure in a way that financial information may not. “They talk about things they wouldn’t want their employer or their spouse to know. “People do a lot of very personal things on Facebook,” he says. The Facebook data could also end up being used in ransomware or blackmailing attacks, warns Casey Oppenheim, founder of the data security firm Disconnect. In contrast, personal details stolen in data breaches of retailers or data brokerages can be off-base, since it has been inferred from consumer behavior. After all, it was entered into Facebook's computer systems by consumers themselves. The thing that could make Facebook data extra-valuable to criminals, says Ernesto Falcon, legislative counsel at the Electronic Frontier Foundation, is its accuracy. “Suddenly, it makes it believable enough that I suspend my suspicions.” “They call and say, ‘This is Chase, and we notice that you went to Bob’s House of Tacos last Thursday,’” he says. Imagine a scenario where a thief pretends to be calling from a bank, using photos or location data from a social media account to obtain valuable account information. “If they know specific things-my mom’s name, my kids’ names, their birthdates-they could easily look legitimate,” says Sam McLane, chief technology services officer at the cybersecurity firm Arctic Wolf Networks. When a cybercriminal knows the haunts and hobbies of a potential victim-the kind of information collected about millions of the victims of the Facebook attack-it dramatically increases their odds of success. ![]() But this breach delivered that data directly, giving hackers a head start for potential identity theft crimes.Ĭriminals could also use such data to build robust bios that become powerful weapons in phishing scams, where personalized emails trick consumers into revealing financial information or clicking on links that plant malware on their computers. ![]() With some sleuthing, a determined cybercriminal might uncover some of these personal details on a Facebook page, assuming you leave your page open to public view in your privacy settings. So banks and other services have moved toward using personal data-mother’s maiden name, pets’ names, the street you grew up on-to protect important accounts. In today’s digital world, that information is hard to safeguard-and it may have been compromised in previous data breaches. “But it’s no longer possible to accurately identify people using those trust markers.” In the past, services that handle financial transactions and sensitive information generally asked you for a Social Security or driver’s license number to confirm your identity, says Dan Guido, founder of the cybersecurity firm Trail of Bits. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |