Facebook breach: your personal data compromised

Facebook has been hacked and some fifty million user accounts were breached. Facebook doesn’t know the full extent of the compromise because for many Facebook users, it is not just their Facebook account which has been breached

Do you ‘daisy chain’? It is the simplest and weakest part of the vast majority of online accounts and it is easy to see why. Remembering unique, complex passwords for each of your online accounts is near impossible so just using the one email address and one password across them all makes perfect sense. Except that it is very insecure.

Imagine that you have just one key to open your house, your garage and your garden shed. Imagine that same key opens and operates your car. Both your cars. And it opens the vault in your bank with your cash in it. You only need to carry a single key about with you but even as I’m suggesting this you know what a major security risk this would pose in the real world. Online, the threat to your personal data is far greater.

Facebook backdoor to your AirBnB

Every account you have that uses the same login as you use for Facebook is breached too. This includes the accounts where you ‘login with Facebook’. Potentially, not only has your Facebook data been stolen, but so has the data in any account sharing the login.

You might have never bought anything via Facebook, so it does not hold any financial data but what about Spotify and AirBnb? If you have multiple logins using the same email and password combination, then you need to change all of those passwords to unique ones, and you should unhook all those accounts you have linked to your Facebook (or Google, or Twitter) accounts.

How does the hack of one account, breach another?

The hackers have not breached 50+ million accounts individually by sending out 50+ million phishing emails. Brute force attacks break into databases and extract huge volumes of data with sophisticated software. Similarly, sophisticated software can then try out millions of logins to accounts on Amazon, Netflix, eBay, PayPal, et al. Once the hackers have your key, they’ll try it in every lock they can.

What should I do?

Unhook any accounts you use Facebook logins with and, indeed, any other shared logins. There are different procedures for each of these and you’ll need to Google each one (and don’t forget to ditch all shared  Google logins while you are there).

Any accounts which you are unable to remove a shared login for, or are unsure about, should be deleted and a new account created.

Each of the accounts you login to should have a unique password, and it should be a strong one. Use a password manager to manage your logins.

Do not install third-party apps in other services. Never give up your Facebook or Google logins to other services. If an app cannot be run on its own, unique password, then do not use it. If you are not paying for a product, then you are the product.