Password alert after Facebook data leakLocal | Erin Chan 7 Apr 2021
Privacy commissioner Ada Chung Lai-ling urges people to avoid using the same password for different social media accounts after personal data of 2.93 million Facebook users in Hong Kong was posted to a website used by hackers.
More than 533 million Facebook users from 106 countries and areas, including Hong Kong, saw their names, Facebook IDs, e-mail addresses, phone numbers, locations, birth dates and other information leaked to a hacking forum for free browsing in 2019, said multiple reports.
Insider, which first reported the breach on Saturday, said "a user in a low-level hacking forum on Saturday published the phone numbers and personal data" of hundreds of millions of Facebook users for free.
On Sunday, the Office of the Privacy Commissioner for Personal Data acknowledged the data breach and said that it had taken action with Facebook.
Speaking on a radio program yesterday, Chung said citizens should regularly check their privacy settings on cross-platform social media.
"Users can restrict the extent social media discloses their profiles and tracks their activities as well as their usage of facial recognition systems," she said.
"They should think twice before sharing or publishing any content on social media as well."
The office had contacted Facebook's Hong Kong office, requiring the social media giant to initiate a compliance check on the incident's particulars, the total number of Hong Kong users affected and personal data involved, she said.
Chung added the office had reminded Facebook to alert affected Hong Kong users as soon as possible.
She also appealed to citizens who suspect their personal data had been leaked to make queries or complaints to the office or relevant social media platforms.
"If users have recently received e-mails or calls of unknown origin amid the Facebook incident, they should be careful," she said.
Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, said even though the data breach happened two years ago, leaked personal information could still be eyed by criminals.
"Citizens should regularly change the passwords of their social media accounts and activate the two-factor authentication feature for safety," he said.
Po said hackers might use the leaked personal information for resale or to blackmail Facebook or its users.
"Hackers might set up phishing websites using the personal information. Users should stay alert," he said.
The office said social media platforms and messaging apps being free meant users' personal information would be "monetized" - collected and shared widely.
To safeguard privacy, the office said users should change their social media account passwords regularly, enable two-factor authentication, beware of unusual logins of social media accounts and e-mails and not accept invitations from strangers whose identities cannot be verified.