andrewallbright | 3 years ago

So... what advice is there for technology-comfortable people who want to mitigate the effects of data leaks like these? It seems like data provided will be exposed eventually and company size doesn't seem to correlate with data safety.

For example, should people be advised to rotate phone numbers every N amount of time?

kadoban|3 years ago

The basic stuff helps a decent amount. Assume your name, phone, email, address are all public. Don't reuse passwords, ever (use a password manager), use 2fa wherever possible, ideally not the SMS kind. Use a password manager that has a tie-in with haveibeenpwned or whatever so you know asap to change your creds.

Some extras: use unique email addresses per site if you can. Some setups allow infinite aliases. Then you can blackhole one that gets leaked, and you can know where it got leaked from.

If you can, have a separate setup (completely separate email account(s), not just aliases, and even separate hardware to access them if you can) for very important accounts, the ones that would ~ruin your life for a good bit if they got taken over (bank, retirement, etc.)

There's also credit monitoring type stuff, which I've never been clear how useful it is, but might be worthwhile. You also may get it free if some company you use has a leak and they try to PR it away that way.

I think there's some way to basically lock your credit against new accounts, I need to look into that someday, don't know the details or if it even exists.

reaperducer|3 years ago

>Assume your name, phone, email, address are all public.

Someone on HN will invariably point out that this is how it was for the last hundred years, and it was only when we made computers powerful enough to abuse the information that this level of privacy became a concern.

I remember the days when your name, address, and phone number were public information. I paid something like $15/month to keep it out of the phone book.

What I recently learned, browsing through old books that a local library was throwing away, is that sometimes those phone book listings would also include things like a woman's maiden name, and the name of her husband, and/or marital status. Something like:

  Smith, Margaret C (nee Jones, widow of George): 202-555-1212

That part was new to me.

MattDemers|3 years ago

>Some extras: use unique email addresses per site if you can. Some setups allow infinite aliases. Then you can blackhole one that gets leaked, and you can know where it got leaked from.

If you pay for ProtonMail, you get a SimpleLogin Premium for free, which makes the creation of dummy/alias emails a lot easier. They're owned by the same company.

jsnell|3 years ago

The advice is to do literally nothing about it. What effect do you think this specific leak has on you? What kind of adversary do you think will be able to benefit from this data, and how?

The reality is that the data is useless trash, and there is no indication that this has actually leaked from Facebook or is showing any kind of security problem in their systems.

A4ET8a8uTh0|3 years ago

<<The reality is that the data is useless trash,

That remains to be seen. People are fairly ingenious when it comes to abusing information and information runs the world now. I will offer an unrelated example, partially because I do not want to give ideas on how to benefit from this. Do you remember when a certain entrepreneurial billionaire offered a checkmark for sale, which resulted in people impersonating companies and manipulating their stock price[1]?

Like with most things, any tool is worth what one is able to do with it.

<< The advice is to do literally nothing about it.

I would not advise to panic, but doing nothing is not exactly great advice either. Some re-assessment of one's current security posture may be warranted.

[1] https://www.fiercepharma.com/marketing/eli-lilly-hit-new-twi...

drdaeman|3 years ago

People should be advised to not use phone numbers at all.

There was a joke "all phone numbers leaked" list that just listed everything from 000-000-0000 to 999-999-9999. If there is no other information associated (names, pictures, emails, anything) then this leak is of almost comparable severity.

philjohn|3 years ago

We used to have these things called Phone Books that literally contained everyone's phone numbers.

We didn't call those leaks.

Komodai|3 years ago

[deleted]

solarkraft|3 years ago

Except that even if I don't use WhatsApp and somebody I know and who has my contact information does, WhatsApp also has my contact information.

aliqot|3 years ago

It's disgusting that this comment had to be vouched for, it's common sense.