If you’re like me, or 90 million other unfortunate people—including Mark Zuckerberg and Sheryl Sandberg—you might have noticed that you had been mysteriously logged out of Facebook when you opened it on Friday morning. It prompted many to change their passwords and caused hundreds of reports across various websites, mainly out of fear that the affected accounts had been hacked. It transpires that this fear was not so far from the truth.
Facebook revealed on Friday, 25 September, that they had uncovered a major data breach compromising the accounts of tens of millions of individuals. This breach is currently considered to be the largest in Facebook’s history, but with the bug itself actually being over a year old, the extent of the broader impact remains open to question.
The breach itself consisted of hackers—whose identities are still unclear, although the FBI is also investigating—exploiting a vulnerability in the ‘View As’ feature, which lets you make sure your family can’t see the more embarrassing photos on your timeline. The bug allowed them to generate an ‘access token’ for everyone on the friends list of a compromised account, which in turn led to those friends’ accounts becoming compromised. When this token is stolen, it can allow the hacker to log into the account it’s associated with. Crucially, it can also allow them to log into other websites and apps that use the Facebook login service—this includes popular apps like Tinder, Instagram and Spotify.
If you were one of the people affected, what should you do? Contrary to Facebook’s advice for this particular breach, it would be a good idea to review the strength of your password as this is by no means the first time Facebook has been hacked or the last time that it will be. Changing your password will also make sure that any access that hackers might have gained will be blocked.
Another recommendation is to review the information stored on your profile—we saw from the Cambridge Analytica leaks that data on such mundane actions as the music people like to listen to and the pages they like can be used to make disturbingly accurate predictions about their personality traits, political views and even sexual orientation. It’s worth remembering that when you like something on Facebook, you’re not just sharing it with your friends and the company, but also with every company that uses Facebook. If you’re someone who values your privacy, it might be worth your time to update the privacy settings on your account and make certain that only the people you want to see your details will be able to see them.
This breach comes in a wave of cyber-attacks over the past two years, which have released a veritable mountain of private information. This includes a British Airways breach, which disclosed over three hundred thousand names, addresses, and credit cards. This is a typical case of a cyber-attack that we, as consumers, can do nothing about. If our credit card details are stolen, then the only option is to sigh, ring up the bank, and get the card replaced. For breaches like the Facebook one and the recent Timehop and Strava ones, though, there are many more options. Is it worth using these websites if the end result is your private information being divulged to unscrupulous organisations and hackers?
As the scale and number of these attacks grow, the choice for consumers will be between the value of the service and the risk of serious invasion of privacy. With regard to bringing large organisations with lax security systems to account, this decision could not come quickly enough.