So yesterday (4th October) Facebook had a bad day. First of all there was the whistleblowing on their “profit over public good”. You can read more at The Guardian here.
Then Facebook, WhatsApp and Instagram all disappeared. For over 6 hours. During that time, reports of a massive 1.5 billion user data breach also began appearing. Was there a link? Had Facebook been hacked? Do you need to do anything?
What caused the Facebook Outage?
As well as some people realising for the first time that Facebook owns Instagram and WhatsApp (that’s an unhealthy monopoly …), rumours were rife that Facebook had been hacked. Those rumours intensified when details of a 1.5 billion user data breach began to appear. But they had not been hacked. The good people over at Cloudflare were pretty quickly able to identify the problem. If you are interested, they have a very technical article here explaining it.
Here’s my simplified explanation: Routine patch to network breaks the thing that tells *literally everything else* (including the internet) where to find each other. No Facebook, no WhatsApp, no Instagram. For Facebook employees it was even worse – no emails or internal systems, and no way to access buildings because their ID cards also broke. Oops.
So not a hack. Just a routine maintenance patch that went catastrophically wrong (these things are very easy to do … I’ve seen a few!).
What about the 1.5 billion user data breach?
This is still a developing situation, but it appears to be completely unrelated. Last week reports of the data being for sale began to surface on the ‘dark web’. It looks like this is not the result of a hack or a breach, but rather a (humungous) “scrape” of data which is already publicly available on Facebook. This Privacy Affairs article explains what happened (and has been updated in real time to bust the myths that this was a hack or was in any way connected to the outage).
What data is impacted?
It depends on your profile, but the data could include name, email, phone number, location, gender, and user ID.
Passwords are safe (but should be unique and secure!).
Should I be concerned?
Yes. These email addresses and the limited personal information could be used in phishing scams. It’s pretty much inevitable they will be used this way. So stay alert and stay safe online. I have a couple of blog posts which can help:
Here’s my takeaway from those articles. If you only do 3 things, make them these:
- Use unique passwords. Everywhere.
- Never click on links in emails.
- Make sure you have a good antivirus.
If you can, also use two-factor authentication on important accounts. This means you have to enter a code (perhaps sent to your phone, or generated via an authenticator app) to log in, as well as a password. Even if you give away your password, someone won’t be able to access the account without your phone.
Secure Your Facebook Account
Good security practices can help make sure that minimal data can be scraped. So review your privacy settings, and make the following changes: Make sure only ‘friends of friends’ can find you on Facebook, and lock down your email address and phone number so that ‘only you’ can see them. You can do that via the privacy checkup here: https://www.facebook.com/privacy/checkup/?source=settings_and_privacy