In part 1 of this series, we talked about the bizarre coffee shop that collects personal data as payment for a coffee, and we clarified why that’s such a problem. In this article, part 2 of the series, we’ll talk more about data privacy, specifically as it relates to Facebook’s recent hack.
The last article ended with a hook about how some companies aren’t forthcoming about the types of data they’re collecting on you. Facebook would be one such example.
In the book How to Fix the Future, author and noted internet skeptic Andrew Keen highlighted an example of an Austrian grad student, Max Schrems, who requested that Facebook send him any and all data they’d collected on him and attached to his account.
In return, they sent him a 12,000-page PDF that included every IP address he’d ever signed in from, all the messages and “pokes” he’d exchanged, items he was sure he’d deleted, and a whole bunch more.
And this was in 2010, arguably before the Age of Big Data. We can only imagine how much of our information Facebook is collecting and storing now.
The fact that we don’t really know much about Facebook’s data practices makes us wonder about the recent Facebook hack, which was the largest in their 14-year history. It was a sophisticated attack that combined three software bugs into a highly devastating security mishap, and it compromised at least 50 million Facebook accounts, including Mark Zuckerberg’s and Sheryl Sandberg’s. The hack may have also affected 40 million additional accounts.
Facebook has since patched the bugs, and users impacted by the attack will have noticed that they were automatically logged out by Facebook and asked to reauthenticate their credentials.
Let’s be clear: if you were one of those 90 million users who were automatically logged out of Facebook, that doesn’t mean your data was compromised. The auto-logout was a standard security protocol that Facebook used to protect your account; that’s all.
Unfortunately, if hackers did manage to access your data (investigations are looking into this), those attackers could have accessed everything in your Facebook account as if it were their own. They also could have used Facebook Connect (also known as Facebook Login), which is that “Login with your Facebook account” option a lot of websites offer. If the hackers used Facebook Connect, they may have also gained access to your third-party apps, such as Spotify or Instagram.
However, as of October 2, Facebook reported that they had “found no evidence that the attackers accessed any apps using Facebook Login.”
Other important details about the attack:
Facebook prides themselves on their high levels of security, and they should. The fact that sophisticated hackers were only able to access the system by coordinating three separate bugs and that Facebook was able to quickly ID and patch those bugs in less than 10 days speaks volumes about the security of Facebook’s code. As we’ve mentioned before, most software is riddled with bugs and it often takes years for breaches to be discovered and patched.
First off, your personal data may have been stolen, so you need to think deeply about what data you were sharing and why. Secondly, your logins may have been impacted and criminals may have gained access to your other linked accounts.
To be clear, your password wasn’t compromised, but the fact that your Facebook login tool may have been used is a good reminder for you to practice good password hygiene:
A third key takeaway from the Facebook hack is that no company is immune to cybercrime, not even tech giants that pride themselves on cybersecurity. Everyone knows that Facebook is a company filled with tech geniuses, yet even they overlooked a huge security hazard.
Perhaps you’re thinking, “Sure, Facebook got hacked, but they’re a massive company. They’re one of the 10 largest in the world. No one would want to hack my small company.”
You’d be wrong in that assumption.
According to Verizon’s 2018 Data Breach Investigations Report, more than 58% of data breach victims are small businesses. As a small business, you have a greater likelihood of being breached than mid-market and enterprise companies combined.
And, often, hackers use personal data they obtained from other sources, such as Facebook, an unprotected data lake from your local grocery rewards program, or leaked data sold on the dark web, in order to phish or hack your current systems.
In short: hackers can leverage the data you give away for free to steal from your company, destroy your reputation, and potentially even shut down your business.
You may not think your data is valuable, so you, like the Brown University students from part 1 of this series, may be tempted to just give it away for small favors. Your sentiments may, in fact, echo the comments of one Brown University student who frequents the Shiru Café:
“Maybe I should have been more apprehensive, but everyone has your information at this point anyway. To give out my name and email and what I study does not seem so risky to me.” – Nina Wolff Landau, a junior at Brown University
However, if you only focus on one thing this Cyber Security Awareness Month, focus on the fact that it’s of critical importance that you block access to your data.
The easiest ways to do that are to carefully think about where you’re sharing your data and why – and to hire one of the leading IT services companies to help keep your systems and data safe from attack.
When you work with IT services companies, you can block hackers by ensuring you have system monitoring around the clock that can detect threats as they occur. Working with IT services companies means you can protect yourself by making sure all of your company’s devices and software stay patched and up to date at all times. IT services companies help you protect your business inboxes from phishing spam, and you can trust that they’ll provide you with an outsourced team that is always looking out for your company’s digital safety and security, 100% of the time.
With Interplay, one of Seattle’s longest-standing IT services companies, you can safeguard your data.
To reach Interplay, you can either use our Contact page and share some of your data online (don’t worry – our site is secure!)… or, better yet, how about you just give us a call at (206) 329-6600.