The Facebook Breach: What to Share with Your Workforce

As Security Awareness Officers often one of our roles is to keep our workforce updated on major breaches and how they impact people not just at work but in their personal lives also. By helping people professionally and personally, we not only build more trust and a stronger security culture, but we can also emphasize key behaviors that we want people to exhibit, regardless if they are at work or at home.

On 3 April it was announced that Facebook was breached and the personal records of over 500 million Facebook users was publicly released. While the breach happened on or before August 2019, all the data was recently made publicly available on hacking forums, meaning anyone now has access to it. 

Below is an email template you can use to update your workforce on the breach, what it means to them personally, and steps people can take to protect themselves. In addition, we provide links below to OUCH! security awareness newsletters that provide more information about each of the tips.

Folks, as you may have read in the news, Facebook has announced it was breached in 2019 with the personal records of over 500 million Facebook users being obtained by cyber criminals. Those 500 million records were recently publicly released so now anyone in the world could have access to them. If you had a Facebook account on or before 2019, your data may have been included in that breach and public release. Examples of your information that could have been released include your name, home address, phone number, email address, birth date or any other information you provided to Facebook. One way to check and see if your information was released is to visit the trusted site haveibeenpwned.com, maintained by security researcher Troy Hunt, and submit the email address and / or phone number you used for your Facebook account. 

If you are concerned your data was obtained and released, here are several steps you can take to help protect yourself.

• Change your password that you use for your Facebook account. This password should be strong (we recommend a passphrase) and different than any other password you use for any other account. In fact, all of your accounts should be using a unique password. Can’t remember all your passwords? Neither can we, that is why we recommend you use a Password Manager to securely store them.

• We highly recommend you enable two-factor authentication (often called 2FA, MFA or two-step verification) on your Facebook and all other accounts, especially for your personal email account and any financial or retirement accounts.

• Protect your privacy by being very careful what information you share with any websites. Always assume any website you have an account with can be hacked and your data stolen, or your information will be sold or shared with other companies. 

• Realize that you can do only so much to protect your data. Because so many other companies and organizations collect, share and sell your data, you have to assume that cyber criminals can already know a great deal about you. This means they can use your personal information to trick or fool you into making a mistake, using a technique called Social Engineering. Just because someone calls you and knows your birth date does not prove they are from your bank or the government. Just because someone emails you with your phone number or home address does not mean they are really Amazon, Apple or Microsoft. Be very careful and suspicious of emails or phone calls asking you to share personal information (such as your password, bank account or credit card) or pressuring you to take actions that seem odd or suspicious (such as paying a fine).

To learn more about how to secure yourself email the cybersecurity team at XXXX <replace XXXX with your team’s email address>