It’s Time to Go to a Bogus Facebook Email Address
Whether the loophole lasts a day, a month, or forever, the new Facebook Email Finder will show you again why you might not want to use your regular email address for a burgeoning social networking site – or anything else. As the researchers found , it’s very easy to loop over a large list of email addresses and link them to real Facebook accounts.
The capabilities of this tool are quite significant – up to five million email addresses per day when it is actually promoted – and it can link Facebook accounts to specified emails regardless of the account owner’s security settings. You may have made your Facebook profile as private as possible, but that doesn’t stop the tool from doing wonders.
While such a vulnerability does not pose a direct threat to your security, since no one can use your email address as a way to hack into your Facebook account, this is another data point that you probably don’t know. I don’t want to be tied to some giant database. This information can be used for doxing or phishing in the future, or for some unknown reason – attackers can get quite creative when they have a large amount of data about you, your associated accounts and several leaked passwords.
Since Facebook is an attractive target for attacks and data breaches , and the likelihood is high that most people using the service probably won’t want to part with it forever, one of the best things you can do for yourself is to use fake data about yourself wherever possible. At a minimum, you should use an email address on Facebook that you don’t use with any other service (ideally a separate phone number ).
Changing this data on Facebook is very simple: all you have to do is visit your main Facebook settings page to start changing your email address, or “Contact,” as Facebook calls it. Add a new one, make it the main one and delete the old one – that’s all. You will follow a similar process to switch to your new phone number. In general, the switch will take no more than ten minutes, including the time you spend looking at your inbox or text messages while waiting for Facebook to send you new confirmations.
In an ideal world, you would use a unique email address (and phone number, if required) for all of your social services. The former is pretty easy to set up and manage, especially if you have a password manager that does all the hard work. The latter is much more difficult to deal with, and you can probably avoid it if you stop giving your phone number to the services you use. Except, of course, if the service only offers 2-Step Verification; It’s better to enable this than to do without it, but you can avoid it entirely if the service also allows you to set up regular two-factor authentication using a third-party app.
If this all sounds like there is a lot to remember, it shouldn’t be. Just think of this word whenever you are setting up a new service or looking at information that you have already shared with a service: obfuscation. If the service does not need to know your factual information in order to provide you with access, you do not need to refuse it. The more you can hide your sensitive information, such as your name, date of birth, email address, phone number, and real address, the better you will be when smart people start digging into it.