(dpa) — The phone numbers and email addresses of hundreds of millions of Facebook users were recently discovered on a hacker forum.
According to the social network, the data was captured using a security hole that Facebook closed in August 2019.
However, such leaks are also possible without security holes or direct hacker attacks. Apps, which collect lots of personal data not only from their users, but also potentially from those users’ friends, can also be a source of leaks.
“Apps are a way of collecting such personal data that is now appearing in dark channels,” says Hauke Mormann from the North Rhine-Westphalia consumer centre in Germany.
Often those affected aren’t even aware that the apps are collecting their personal data.
The apps can be third-party ones that use Facebook as a platform for games and the like. They can also be the kind that allow users to log in using their Facebook credentials, for example, for shopping.
This is convenient for users as they don’t have to set up an additional account to use the shopping site. Such personal data can then be misused by dubious providers and used for identity theft, for example.
Facebook has a page where users can check whether they have used apps on the social network that have collected unauthorised data.
Facebook says it blocks such apps once they’re discovered. The page also leads to an area where users can control access rights for apps and websites.
Mormann advises giving these apps as little access to your data as possible. However, the disadvantage to this is is that the apps may not work properly without full access.
If you want to see whether your personal data such as email addresses, phone numbers and log-in data has been leaked you can visit a website such as https://haveibeenpwned.com or the Identity Leak Checker of the Hasso Plattner Institute.
If you find your data has been leaked you should change your password immediately and never re-use it.
But what about phishing attempts and spam that arrive via your email address or phone number?
“As long as you don’t change your email address or phone number, you will have to live with it,” Mormann says.
However, you should block dubious senders and delete their emails and texts immediately. And of course never click on any links.
You should also be wary of misspellings or cryptic sender or link addresses in emails or texts that purport to come from well-known and reputable companies.
“The general plausibility of the offers and senders must be checked,” says Mormann. “Would the parcel service really send me an SMS with strange and incoherent links?”
It’s best to use a different email address for social networks than for banking and insurance transactions, Mormann advises, and use your name, date of birth, email address and phone number as sparingly as possible on the internet.