Regardless of whether the gap lasts for a day, a month or forever, a new program “Facebook Email Search” shows again why you might not want to use your regular e-mail address for the sprawling social media site – or why really. As a researcher foundIt’s pathetically easy to search through a large list of email addresses and link them to real Facebook accounts.
The scope of the tool is pretty significant – up to five million email addresses a day if it’s really on the rise – and it can link Facebook accounts to those emails regardless of the account owner’s security settings. You may have made your Facebook profile as private as possible, but that doesn’t stop the tool from doing its magic.
While this type of vulnerability does not pose a direct threat to your security as no one can use the existence of your email address as a way to break into your Facebook account, this is still another data point that you probably don’t want to use not be tied up in a huge database. This information could be used to dox or fish you at a later date, or who knows what else – attackers can get a lot more creative with a wealth of data about you, your related accounts, and some leaked passwords.
Since Facebook is a juicy target for attacks and Data breachesand chances are that the majority of users of the service are unlikely to be ready to part with it for good. One of the best things you can do for yourself is to use fake data about yourself wherever possible. You should have at least one email address on Facebook that you don’t use with any other service (and ideally a separate phone number, also).
Changing this data on Facebook is easy: all you have to do is go to your elementary school Facebook settings page to change your email address, or “contact” as Facebook calls it. Add a new one, make it the primary, and delete the old one – it’s that simple. You’re about to perform a similar process to switch to a new phone number. All in all, the switchover shouldn’t take more than ten minutes. That includes the time you spend digging through your inbox or text messages waiting for Facebook to send you new confirmations.
G / O Media can receive a commission
In a perfect world, you would use a unique email address (and phone number, if applicable) for all of your social services. The former is pretty easy to set up and manage, especially if you have a password manager do all the heavy lifting. The latter is a lot harder to deal with, and it’s something you can probably avoid if you stop giving your phone number to the services you use. The exception, of course, is when a service only offers two-factor authentication. It is better to enable this than to forego it. However, you can avoid this entirely if you can set up with a service too conventional two-factor authentication with a third party app.
If this all sounds like a lot to remember, it shouldn’t be. Just keep that one word in mind when you’re setting up a new service or reviewing the information you’ve already shared with a service: obfuscation. If a service doesn’t need to know your actual information in order to give you access, you don’t have to cough it up. The more you can hide your critical information like your name, date of birth, email address, phone number, and real address, the better off poking around with smart people.