Meta's Increasingly Relying on AI to Make Decisions About User Experience Elements

Yahoo, 02-06-2025

This story was originally published on Social Media Today.
As highlighted by Meta CEO Mark Zuckerberg in a recent overview of the impact of AI, Meta is increasingly relying on AI-powered systems for more aspects of its internal development and management, including coding, ad targeting, risk assessment, and more.
And that could soon become an even bigger factor, with Meta reportedly planning to use AI for up to 90% of all of its risk assessments across Facebook and Instagram, including all product development and rule changes.
As reported by NPR:
'For years, when Meta launched new features for Instagram, WhatsApp and Facebook, teams of reviewers evaluated possible risks: Could it violate users' privacy? Could it cause harm to minors? Could it worsen the spread of misleading or toxic content? Until recently, what are known inside Meta as privacy and integrity reviews were conducted almost entirely by human evaluators, but now, according to internal company documents obtained by NPR, up to 90% of all risk assessments will soon be automated.'
Which seems potentially problematic, putting a lot of trust in machines to protect users from some of the worst aspects of online interaction.
But Meta is confident that its AI systems can handle such tasks, including moderation, which it showcased in its Transparency Report for Q1, which it published last week.
Earlier in the year, Meta announced that it would be changing its approach to 'less severe' policy violations, with a view to reducing the amount of enforcement mistakes and restrictions.
In changing that approach, Meta says that when it finds that its automated systems are making too many mistakes, it's now deactivating those systems entirely as it works to improve them, while it's also:
'…getting rid of most [content] demotions and requiring greater confidence that the content violates for the rest. And we're going to tune our systems to require a much higher degree of confidence before a piece of content is taken down.'
So, essentially, Meta's refining its automated detection systems to ensure that they don't remove posts too hastily. And Meta says that, thus far, this has been a success, resulting in a 50% reduction in rule enforcement mistakes.
Which is seemingly a positive, but then again, a reduction in mistakes can also mean that more violative content is being displayed to users in its apps.
Which was also reflected in its enforcement data:
As you can see in this chart, Meta's automated detection of bullying and harassment on Facebook declined by 12% in Q1, which means that more of that content was getting through, because of Meta's change in approach.
Which, on a chart like this, doesn't look like a significant impact. But in raw numbers, that's a variance of millions of violative posts that Meta's taking faster action on, and millions of harmful comments that are being shown to users in its apps as a result of this change.
The impact, then, could be significant, but Meta's looking to put more reliance on AI systems to understand and enforce these rules in future, in order to maximize its efforts on this front.
Will that work? Well, we don't know as yet, and this is just one aspect of how Meta's looking to integrate AI to assess and action its various rules and policies, to better protect its billions of users.
As noted, Zuckerberg has also flagged that 'sometime in the next 12 to 18 months,' most of Meta's evolving code base will be written by AI.
That's a more logical application of AI processes, in that they can replicate code by ingesting vast amounts of data, then providing assessments based on logical matches.
But when you're talking about rules and policies, and things that could have a big impact on how users experience each app, that seems like a more risky use of AI tools.
In response to NPR, Meta said that product risk review changes will still be overseen by humans, and that only "low-risk decisions" are being automated. But even so, it's a window into the potential future expansion of AI, where automated systems are being relied upon more and more to dictate actual human experiences.
Is that a better way forward on these elements?
Maybe it will end up being so, but it still seems like a significant risk to take, when we're talking about such a huge scale of potential impacts, if and when they make mistakes.

Related Articles

Ex-Texas US Rep. Blake Farenthold, who left office amid harassment allegations, dies at 63

Former Texas Republican U.S. Rep. Blake Farenthold, who left Congress amid sexual harassment allegations, has died. He was 63. He died in a Corpus Christi hospital and suffered heart and liver problems in recent years, Steve Ray, his former longtime political consultant, said. Farenthold's wife, Debbie Farenthold, confirmed that he died Friday. Blake Farenthold was elected in 2010, upsetting long-serving Democratic U.S. Rep. Solomon Ortiz. Seven years later, Farenthold announced that he wouldn't seek reelection. In a video he posted on his campaign's Facebook page at the time, he denied a former aide's three-year-old accusations, which included that he'd subjected her to sexually suggestive comments and behavior and then fired her after she complained. He apologized for an office atmosphere he said included 'destructive gossip, offhand comments, off-color jokes and behavior that in general was less than professional.' He said in the video that if he stayed in Congress, he would have spent months trying to vindicate himself. 'We all make mistakes,' Ray said Saturday. 'He made some mistakes.' Ray described him as a 'techie' who was interested in the internet and technology before getting involved in politics. 'He did a tremendous job as congressman for this area,' Ray said, noting that Farenthold cared about fighting crime and promoting transparency. 'His heart was really always in the right place.' Before becoming a congressman, Farenthold was a sidekick for a conservative radio talk show host, Ray said. 'When he decided to run, nobody in the world thought he was going to win,' Ray said. When he left office, Farenthold started his own radio show, which he continued until he died. In addition to his wife, Farenthold is survived by two adult daughters, Morgan Baucum and Amanda Lawrence, Ray said.

‘Life is full of unexpected surprises': People trying to call Iran meet mysterious voice message
People trying to call friends and loved ones inside Iran have instead been met with strange, pre-recorded voice messages, which some experts believe may be part of the regime's wider internet blackout. In a recording of a telephone call heard by CNN, a person outside of Iran hoping to hear their friend's voice on the other line, was instead met with a robotic voice. 'Hello, and thank you for taking the time to listen,' the voice says. 'Life is full of unexpected surprises,' it continues, 'and these surprises can sometimes bring joy while, at other times, they challenge us. 'The key is to discover the strength within us to overcome these challenges.' The unsettling message, which lasts nearly 90 seconds, then goes on to recommend the listener close their eyes and imagine themself in a place that brings them 'peace and happiness.' While different variations have been reported, this version appears to have been the one most commonly heard by people outside Iran placing calls to mobile phones inside the country on Wednesday and Thursday. No similar message was reported when calling landlines. The messages were widely heard after Iran imposed nationwide temporary restrictions on internet access on Wednesday, citing security concerns. This meant WhatsApp was down, so people abroad began calling their friends and family in Iran directly, rather than via the app. The message is reportedly not heard if the call is made through an app. The initial assumption for many Iranians was that the messages were the result of an Israeli cyberattack. Others see the Iranian authorities as being behind them. Alp Toker, the founder and director of NetBlocks, a non-governmental organization that monitors internet governance, believes the messages are an attempt by the Iranian government to limit telecommunications, as part of the wider internet censorship measures. 
'The point is, when the internet is cut, the phones need to go somewhere, and that will go to the fallback message on the device,' he told CNN. Toker added it was a phenomenon NetBlocks had seen in different places around the world when internet access was cut. 'Sometimes it will have an advert for summer vacations and sometimes it will have some other nonsense,' he said. According to Toker, the messages are text-to-speech generated. He believes they appear to have been set up rapidly. 'It's in the format of a normal gateway answering message of the type you might get from a national gateway when a phone doesn't answer,' he said. 'It seems that they've gone with the settings, and there's a little box where you can put in the settings and they've put something in there, pre-AI generated.' Meanwhile, a UK-based telecommunications expert who listened to a recording of the most commonly heard message told CNN that 'the call appears to be hijacked after the second ring, which is highly unusual and deeply concerning. This suggests interference at the network level – well before a proper connection is established.' The expert asked not to be named for safety reasons. Neither Israel nor Iran has made a public statement on the recorded phone messages. Access to international internet services had been partially restored in parts of Iran on Saturday 'after approximately 62 hours of severe disruption,' NetBlocks said. 'While some regions have seen improvements, overall connectivity remains below ordinary levels, continuing to hinder people's ability to communicate freely and access independent information,' it added. The semi-official Tasnim news agency reported that international internet services would resume by 8 p.m. local time Saturday, citing the communications minister. However, Tasnim later reported that this was not the case, citing the same minister. 
According to the communications ministry, Iranians abroad can now contact their families inside Iran through domestic messaging apps. The Iranian government has frequently restricted internet access in the country. During nationwide protests in 2022, authorities implemented multiple internet shutdowns in an effort to stifle dissent.

16 billion password data breach hits Apple, Google, Facebook and more — LIVE updates and how to stay safe
The news of a massive 16 billion data breach that exposed login credentials from Apple, Google and Facebook has gone on record as one of the largest data breaches in history. Cybernews reports that records from over 30 databases have been stolen, with each containing up to 3.5 billion passwords from social media and VPN logins to corporate platforms and developer platforms. The recent data breach contains a massive amount of information that can affect billions of online accounts, as cybercriminals now have access to a mass amount of login credentials. This puts users at risk of further malicious behavior from phishing attacks, social engineering and identity theft. Here are the latest updates on what we know about the data breach, how to find out if you're affected and how to stay safe. Currently, nearly all major platforms have been affected by the breach, including Apple accounts (formerly Apple IDs), Gmail, Facebook accounts and GitHub as well as instant messaging platforms like Telegram and both commercial and government platform portals. The data appears to contain URLs, usernames and passwords. However, with the unfathomable size of the data that's been exposed, there's no way to tell how many accounts are currently under threat. The stolen data appears to come from several infostealers, and while the datasets are new, the sheer amount of info could also be from a mix of different datasets from previous breaches, including a database containing 184 million records discovered in May this year. With the 16 billion login credentials now being exposed, it's important to check if your account has been exposed and to stay safe. First, the best way to keep your account secure is to enable two-factor authentication (2FA). 
This will stop threat actors from easily accessing your online accounts, as a second form of authentication through an app, phone, passcode or a physical USB key will need to be approved by you. If you haven't already, find out how to enable 2FA right now. Second, to find out if your login credentials have been affected, use Have I Been Pwned and check if your email is in the clear. If you are at risk, immediately change your password, delete unused accounts and consider using one of the best password managers to secure your online accounts. Security researchers have identified what they call "one of the largest data breaches in history", which includes more than 16 billion logins that include Apple credentials. According to a report from Cybernews, the staggering amount of information is contained in numerous datasets that have been uncovered since the start of the year. So far, the researchers have discovered 30 datasets, each containing up to 3.5 billion records. This includes everything from social media and VPN logins to corporate platforms and developer platforms. "This is not just a leak — it's a blueprint for mass exploitation," the researchers told Cybernews. The easiest way to find out if your email and password are affected in this mass data breach is to use Have I Been Pwned. It's a free service that collates data from hacks and can also send you alerts when your online account is at risk. The site will notify you if your email is involved in the breach, and you can also check if your password has been exposed through Pwned Passwords. You can do a manual check right on the site, but we also recommend using the Notify Me service to make sure your accounts aren't affected in the future, too. With 16 billion login credentials being exposed, there's a big chance that your account is at risk. If left unchecked, cybercriminals can gain access to your accounts, leading to phishing attacks, identity theft, ransomware and more. 
To counter this, change your passwords immediately, especially if you reuse passwords for multiple accounts. It's a good idea to use a strong, complex password with a mix of numbers and symbols, and use PasswordMonster's Password Strength Meter to see how effective it is. To manage it all, it's a good idea to use one of the best password managers, as these will store, secure and autofill your passwords, and they also support passkeys across accounts. We reached out to security researcher and owner of Volodymyr Diachenko, about the data breach, who explains that it wasn't just from one infostealer malware, but many: "First things first — it wasn't a single source of exposure. This is not about the number (though it is scary!), but the scale and rise of infostealers infections these days," Diachenko states. "What this number reflects is the size of different infostealers datasets exposed publicly since the beginning of this year alone. They were observed by me and my team via passwordless repositories left exposed inadvertently." The data breach is known to have come from various infostealers. As per reports, infostealers are what caused the exposure of login credentials. This is a form of malware that can secretly steal sensitive data like passwords or chat logs and send them back to hackers. Cybersecurity expert Diachenko states: "It comes from various infostealers logs. Probably a backend infrastructure left exposed. Elasticsearch is a good environment to query such logs." While this is named the largest data breach in history, the 16 billion login credentials were only exposed "briefly," according to researchers in the Cybernews report. However, it's still long enough for threat actors to gain information and to put accounts at risk. "The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data," Cybernews states. 
Along with this, out of the 30 datasets discovered, the majority of these were temporarily accessible through Elasticsearch, which is a free and open-source search engine, or "object storage instances." Earlier this month, Google released a survey detailing the growing awareness of the threat from scams in the U.S., stating that over 60% of users in the U.S. have seen an increase in scams over the past year. While many have seen scams through SMS texts, 61% state they have been targeted through emails. Plus, the survey notes that one-third of those experiencing an increase in scams have "personally experienced a data breach." What's more, the FBI also states that online scams saw a 33% rise last year, with a total of $16.6 billion being stolen. In light of this data breach, there could be a major rise in phishing scams or account takeovers. This is why Google has warned users to change their passwords and rely on other forms of authentication, including passkeys. The datasets with exposed login credentials contained old and recent infostealer logs, and as Diachenko points out: "Credentials we've seen in infostealer logs contained login URLs to Apple, Facebook, and Google login pages." Many of the data sets contained other specific information. One dataset was named after Telegram with 60 million records, another was labeled with a name relating to the Russian Federation with 455 million records and one with the largest amount of records at 3.5 billion is said to have a connection to a Portuguese-speaking population, as Cybernews reports. However, many datasets were also simply named "logins" and "credentials" with massive amounts of information. There's no way to tell what services these are for, and considering the billions of credentials leaked, there's reason to believe that accounts for any platform online are at risk. With infostealers being the cause of the mass data breach, it's best to know how to keep your PC secure from the malware. 
Trusted downloads: Only download software through legitimate websites and sources. Stay clear of suspicious emails: Never click on unexpected links or attachments. Make sure you know the signs of phishing emails. Update your system: Whether it's on your iPhone, Android phone, Windows laptop or MacBook, keep your system up to date with the latest security patches to stay secure. Use a VPN: Virtual private networks can mask your identity online, making it harder for threat actors to track you down. Be sure to use one of the best VPNs. Download antivirus software: This can keep many forms of malware at bay, including known infostealers. You can check out the best antivirus software for your system. Enable 2FA: In case your login credentials are caught in the data breach, enabling two-factor authentication will make it harder for cybercriminals to access your online accounts. We've seen major data breaches before, including the RockYou2024 leak exposing nearly 10 billion passwords with a mix of old and new records, along with the previous RockYou2021, which kicked off with 8.4 billion passwords. Recently, the largest ever data leak hit China and exposed more than 4 billion user records. This breach included financial data, WeChat and Alipay details as well as sensitive personal info like IDs, birthdates, phone numbers, and residential data. This 16 billion password data breach is one of the largest in history, but last year we reported on the supermassive Mother of all Breaches (MOAB), which contained 26 billion records or 13 terabytes of data taken from previous leaks, breaches and hacked databases. Data breaches aren't anything new, and one of our team has been hacked before. This was due to Adobe being hacked and the attackers getting a list of 153 million usernames and passwords in 2013. If you're worried about the 16 billion data breach, you can find out the best steps to take to prevent being hacked and improve your online security. 
Some essential tips include signing up for Have I Been Pwned, staying clear of reusing passwords, deleting unused accounts and making sure to enable two-factor authentication. Many companies, including Google, Apple, and Microsoft, are using passkeys to reduce the growing risk of phishing attempts, as login credentials in data breaches that cybercriminals use can lead to account takeovers. In fact, Microsoft is now making passwordless the default for new users. Niall McConachie, regional director (UK & Ireland) at Yubico (the company behind the YubiKey), reached out to weigh in on the data breach: "As this huge data breach shows, passwords are just not good enough to protect our most important personal details and secure our online presence," McConachie states. "By continuing to rely on passwords, huge data breaches like this will persist — and they'll only get worse." McConachie continues: "As we rely on the internet more and more for critical services, users should opt for the highest-assurance authentication method to ensure their data is fully protected and not at risk of being accessed by cyber criminals. "Instead of relying on passwords or legacy MFA to keep accounts safe, users must be encouraged to protect their accounts with device-bound passkey options like physical security keys." Since news broke about the data breach, it's been difficult to tell if login credentials included accounts from Apple, Google, Facebook and more. But Cybernews has now shared screenshots of the datasets (not including personal info, of course). These datasets show that there are URLs to Facebook, Google, Github, Zoom, Twitch, and other login pages. However, with the amount of data that is being exposed, the number of platforms that are affected is uncertain. As previously noted, there's reason to believe that every major platform has been affected by the data breach. 
A recent report from cybersecurity site BleepingComputer indicates the 16 billion password data breach actually isn't new, with the data instead likely to have been circulating for years. The data may have been collected by cybercriminals and researchers and repackaged into the massive database, only for this to be exposed online. The infostealers involved in compiling the login credentials, such as usernames and passwords, may have been collected over time, with different archives being into the massive database. Cybernews states that the data in the breach is recent and "not merely recycled from old breaches," but some data could be overlapping. Either way, many credentials were exposed in the breach, so it's a good idea to secure your accounts, change your passwords and stay safe. One of the key risks of a data breach this big is how easily cybercriminals will be able to access multiple accounts, especially for those who reuse passwords. A survey from NordPass indicates that as many as 62% of Americans, 60% of Brits and 50% of Germans admit to reusing passwords across multiple online accounts. Ignas Valancius, head of engineering at cybersecurity company NordPass, had this to say: "Users must be extra careful because information in the leaked datasets opens the door to pretty much any online service, from Facebook and Google to GitHub and Telegram. Even some government platforms were compromised. "I recommend changing passwords immediately before the threat actors start poking around in your accounts. You need to act fast because platforms like Google, Apple, or Facebook are the gateways to your entire digital life, especially if you store passwords in browsers and don't use multi-factor authentication (MFA) or passkeys. "If hackers manage to get their hands on your password for Google, Apple, or Facebook, stealing your money and identity may be easier than taking candy from a three-year-old." 
While not part of the 16 million passwords leaked in the data breach we're covering, BleepingComputer reported on another confirmed data breach, this time from Krispy Kreme. According to the report, over 160,000 individuals were impacted by a November 2024 cyberattack, with attackers (apparently claimed by the Play ransomware gang) stealing personal information. The U.S. chain sent notifications to the people who were affected. Data breaches are on the rise, and the recent massive leak of login credentials across multiple platforms shows that now's the time to stay safe online. Make sure you're using one of the best VPNs and best antivirus software to keep your accounts secure. Though it can be scary to know that your data is out there on the web, circulating amongst hackers, there are steps you can take to protect yourself. First, as we've mentioned below, make sure you're changing the passwords to your accounts and using unique, strong passwords for each account. When possible, use passkeys instead. Always use two-factor or multi-factor authentication when an account has it available. As with all data breaches, the biggest threat will be phishing attacks and online fraud. Avoid clicking on links or downloading attachments from unknown senders as hackers often set up fake pages to steal your credentials, credit card data and other sensitive info. Never click on any unexpected links, attachments, files or QR codes from people you don't know. You also want to be wary of people on social media who may reach out to you with offers or those who want you to download or click on files or attachments. If you receive something that appears to be from someone you do know, confirm it with them in an independent manner like calling them on the phone, or texting them. If you haven't signed up for one of the best identity theft protection services, now might be a good time to look into them. 
You can also consider putting fraud alerts on your files with the Big Three credit-reporting agencies Equifax, Experian and TransUnion, and even instituting a credit freeze (although doing so can complicate getting a loan or opening new payment accounts). When going online, make sure you have one of the best antivirus software programs installed and up to date since these programs often include a VPN, password manager, secure browser and other extra security tools to help keep you safe online. As more and more companies realize how easy it is to breach passwords, how frequently users reuse them – or use weak passwords – they have begun moving to a stronger method: passkeys. Microsoft recently announced that the Authenticator app will shut off the password autofill feature in July, a move that the company is likely making as it moves towards a passwordless future. And Google recently issued a security warning encouraging users to enable two-factor authentication or risk an account lockdown; Google's VP of privacy Evan Kotsovinos was quoted as saying another good step to make your account even more secure is to replace your password entirely. Kotsovinos' recommendation is to trade your password in for a passkey, which involves using your biometric information like your fingerprint or facial recognition alongside a trusted device like your smartphone. To that end, Facebook announced this week that it would soon be rolling out passkey logins for its users, making it both easier and more secure to sign in to its services. Facebook users should soon see the option to enable passkey logins in the Account Center, from the Settings of their Facebook accounts on their mobile devices, and the option will also get rolled out to Messenger, and eventually Meta Pay. The Facebook passkey will work with the same fingerprint, facial recognition or PIN technology that you use to unlock your device. 
Because they're stored on your device, they cannot be guessed, cracked or shared. However, if you still wish to use a password, you can. If, like our own James Frew, you have also committed the security sin of reusing passwords or have used an unsecure Wi-Fi, or some other less-than-safe computer behavior, and wound up getting hacked, you might wonder what you should be doing next. Here's everything James did to re-establish a safe, secure computing environment for himself and make sure he was practicing safe computer habits. 1. Don't reuse passwords 2. Enable Two-Factor Authentication 3. Delete unused accounts 4. Sign up to Have I Been Pwned 5. Start fresh Checking your phone and seeing that 16 billion passwords have been leaked online is enough to give anyone a proper scare. However, when you're dealing with a data breach or data leak as massive as this one, it's important to put things in context before you Spadafora here and I've been covering cybersecurity news for over a decade. During that time, I've seen a lot of massive security incidents like this one. However, there's one thing a lot of them have in that no brand or company is mentioned outright in our coverage here at Tom's Guide and at other news outlets across the web, this is an easy giveaway that this isn't a new breach or leak but instead a collection-style one. In this case, it's likely not brand new data being exposed online but passwords and other personal info from previous security incidents. This data is then repacked in a way that's easier to search through and simpler for other cybercriminals to use in their attacks. For instance, similar collections like the RockYou2024 leak with 9 billion records and Collection #1 with more than 22 million unique passwords were distributed this way in the this doesn't mean you shouldn't swap out your simple passwords with strong and complex ones or take a hard look at your online security habits. 
It just means that you shouldn't worry too much as there's a high chance that a lot of these 16 billion credentials were already exposed online and likely for sale on the dark web. So instead of being scared, let this be the powerful catalyst you need to transform your online security – by changing your passwords (or better yet switching to passkeys), locking down your online accounts with 2FA, deleting unused accounts and apps, and sharpening your ability to spot a phishing scam. With billions of passwords floating around online, you may be wondering what steps you can take to improve your online security. If that's the case, chances are you might be considering investing in antivirus software or even identity theft protection. They're both designed to help keep you safe online but there are some key differences between the two that will help you decide which is right for best antivirus software (or the best Mac antivirus software for your Apple computer or the best Android antivirus apps for your Android smartphone) is designed to protect you from malware and other threats before they can infect your devices. By using a database of known threats, your antivirus software is able to scan and flag any potentially harmful files or software. It's worth noting that while paid antivirus software is updated more regularly and comes with plenty of extras like a VPN or a password manager, you likely already have access to built-in antivirus software in the form of Windows Defender on PC, XProtect on Mac and Google Play Protect on Android. Now the best identity theft protection services often come with an antivirus solution but that's not their main purpose. Instead, they're designed to proactively monitor your banking and other online accounts for signs of fraud or suspicious activity. They also keep an eye on your Social Security number and other sensitive personal information. 
The big difference with identity theft protection is that these services include identity theft insurance to help you recover funds lost to fraud in addition to helping you recover your identity. At the same time, you also get access to experts that can walk you through the process of freezing your credit and dealing with the fallout from identity theft. They can help you get new documents
big thing to keep in mind with identity theft protection is that it only works if you sign up before a major security incident takes
up for both antivirus software and identity theft protection is the best way to protect yourself and your data online. However, this can get expensive fast. If you're on a tight budget, I'd start with antivirus software first and then sign up for identity theft protection once you have more to lose.
One way to make things more affordable is to look for antivirus and identity theft protection providers that offer family plans. That way, you can spread the cost between multiple people and rest easy knowing that your grandparents, parents, aunts, uncles, your children and yourself are all protected. Likewise, you want to stay up to date on the latest online scams and make sure that you share this knowledge with both your older and younger family members.
Besides having your personal data and passwords exposed online, you also need to be on the lookout for new or upgraded malware. Case in point, the Godfather malware, which was first spotted back in 2021, recently got an upgrade that makes it even more
is a banking malware that targets popular banking and financial apps by using overlay attacks. While you might think you're logging into your banking app once infected, you're actually inputting your username and password onto an overlay that appears over the legitimate app. Hackers study the look and design of popular banking apps to create these overlays which they use to harvest account credentials.
With these in hand, they can log into and drain your financial accounts.
Now though, the Godfather malware is using a new trick to evade detection and steal money from unsuspecting users. Instead of overlays, the malware is now using virtual versions of legitimate apps to commit fraud in real
avoid falling victim to this and other malware strains, you want to avoid sideloading apps, opening attachments or links from unknown senders and it's always a good idea to limit the number of apps on your phone overall as even good apps can go bad when they're injected with malicious code.
Though this breach may be the biggest in terms of numbers, it has similarities to a few other recent breaches – for example, like three other recent breaches, this latest massive breach includes older data that has been around for a while and repackages it, then leaves it exposed in an open database, making it easily accessible for any threat actor to grab. When it's discovered, it is quickly removed, which makes it difficult to determine who owned the database and therefore, who was responsible for breaching the collected information.
The data leak of AT&T data that we reported about earlier this month is similar and involved more than 86 million records that tied AT&T user data to sensitive personal information like Social Security numbers and birth dates. And again, a day earlier in China, more than 4 billion records were compiled that included everything from WeChat transcripts and phone numbers to gambling history. In May of this year, 184 million passwords from companies like Apple, Google, Microsoft, Instagram, Facebook, Snapchat and more were compiled and stored in a plaintext database.
The trend towards larger and larger breaches is clear. At this point it seems inevitable that your passwords and data can, and will, be compromised at some point and it is up to consumers to protect themselves by using every tool available.
When a large number of passwords or a collection of sensitive personal information is exposed online, people often get hung up on whether it's a data breach or a data leak. Here's the difference between the
a data breach to occur, hackers or other cybercriminals need to gain unauthorized access to a company or even a government's systems. Once inside, they then steal or exfiltrate as much data as they can with the intention to use this info for blackmail, phishing or other cyberattacks.
Now with a data leak, the same types of personal and even financial information from a data breach may be exposed. However, how that data ended up online is the main difference. Data leaks often occur due to human error. For instance, maybe someone forgot to password protect a database and left it open online for anyone to access. This might sound hard to believe but this happens way more often than you'd
way that a data leak can occur is through scraping. Just like marketing firms do, hackers often scrape public databases for personal details and other info. All of this data is then put together in a database and if not secured correctly, it too can leak out onto the open web.
Regardless of whether you're dealing with a data breach or a data leak, the end result for you as the user is the same. Your information is available online and could be used against you.
One way to limit your exposure is by using a data removal tool. There are standalone ones like Incogni or you might find one available as an extra feature with your antivirus software or VPN, like with ExpressVPN's Personal Data Removal
this security incident has made you rethink your cyber hygiene, a data removal service is another tool you should add to your security arsenal along with antivirus software and identity theft protection.
Now that billions of passwords have been exposed online, hackers and other cybercriminals are probably already thinking about how they'll use this data to their advantage in future attacks.
Here are the ways this leaked data will likely be used first:
If a password was leaked alongside a username, then hackers are definitely going to try and see if they can use these credentials to log in. They will likely try the account the password is associated with first and then after that, they might try to log into other popular online services. What they're hoping for is that the person this username and password belongs to was foolish enough to reuse the same credentials across multiple online accounts. Password reuse is one of the easiest ways you can set yourself up to get hacked, so if you use the same password on multiple sites and services, stop what you're doing and go create a unique and complex password for each of them.
If the leaked username and password work, they'll then take over the account and use it as their own. They could use it in other attacks or even to send out phishing messages to any contacts associated with that account.
The next big thing that we'll likely see is targeted phishing attacks. Unlike your standard phishing attack, these ones go after specific people by using public or stolen info to build trust with potential victims. If a hacker impersonates someone you know or claims to know them too, you're more likely to respond to their messages and you could potentially be swayed by their
if a username and password combo was leaked for a banking or financial account that contains loads of sensitive personal data, hackers could try to steal your identity.
These are all the main potential threats you're going to want to be on the lookout for but there could be more. My advice: keep your head on a swivel and keep tabs on all of your online accounts just to be safe. Likewise, consider investing in identity theft protection for additional peace of mind.
CNBC is reporting that Aflac has "identified suspicious activity" in its network. This activity could impact Social Security numbers and other information.
'We continue to serve our customers as we respond to this incident and can underwrite policies, review claims, and otherwise service our customers as usual,' Aflac said in a statement.
According to CNBC, the investigation is in its early stages and Aflac does not yet have the total number for potentially affected customers. Impacted information may include claims information, health info, Social Security numbers and other personal information related to everyone from customers and beneficiaries to employees, agents and "other individuals." The insurance company has said that it will offer free credit monitoring and identity theft protection and Medicaid shield for up to 2 years for anyone that reaches out to its call center.
Google will reportedly require you to activate 2-step verification to access your Gmail account, especially as Gmail was one of the affected databases in the big breach. It's meant to help curb phishing and spam emails that have been on the rise lately. As part of that you should replace your password with a passkey. You can activate 2SV now if you haven't already to get ahead of it.
With this massive data breach on the mind, now is as good a time as any to do some security homework. We've put together a guide to the seven things you should do now to make sure your accounts and devices are safe. We have more details in the guide but here's a brief rundown of what you need to secure.
1. Passwords
2. Browsers
3. Two-factor and Multi-factor authentication
4. Update social media settings
5. Delete, remove and unsubscribe
6. Update software and enable automatic updates
7. Check and update settings
This record-breaking data breach included URLs, usernames, and, most importantly, passwords, which means you should seriously consider updating yours for Google and Facebook. But creating strong, complex passwords is a tall order, and remembering them is even harder, especially when you should ideally have one for every site you log into.
You could try to keep them all in your head if you have Rain Man-level recall. If you don't, why not offload that process by getting a password manager and free up all that precious memory for more important things? Password managers make it easy to securely store all of your passwords in one place, and most will even autofill them into a website or app when you log in. We dive into the best picks for iPhone, Android, privacy, and more in our guide to the best password managers.
