My Mobile

Lead story

How safe is your personal data on social media?

- By Pahi Mehra

Facebook Data Breach:

Facebook faces yet another controversy with a data breach affecting 533 million of its users. The social media giant hit the headlines once again for the wrong reasons after the data leak was reported by Alon Gal, CTO of cyber intelligence agency Hudson Rock, in January 2021. Gal had highlighted that a Telegram bot was being used to sell the phone numbers for free. In the latest reports, a lot more user info is available, including email IDs, full names, locations, birthdates, etc. The breached records include over 32 million accounts in the USA, 11 million in the UK and 6 million in India.

The social media giant, Facebook, has been in the news lately, facing scrutiny over how it handles the personal information of its users. Just when the company was clearing up its mess after a major security incident that exposed the account data of millions of users three years ago, reports emerged yet again of an alleged data breach, impacting half a billion Facebook users from 106 countries.

As we know, it has already been a bumpy ride for Facebook. After the Cambridge Analytica scandal, the company was scrambling to regain its users’ trust, and the news of yet another data breach has knocked down Facebook’s reputation one more time.

This time Facebook confronted a massive data breach affecting 533 million of its users. The social media giant hit the headlines once again for the wrong reasons after the data leak was reported by Alon Gal, CTO of cyber intelligence agency Hudson Rock, in January 2021. Gal had highlighted that a Telegram bot was being used to sell the phone numbers for free. In the latest reports, a lot more user info is available, including email IDs, full names, locations, birthdates, etc.

The breached records include over 32 million accounts in the USA, 11 million in the UK and 6 million in India.

For the past two years, we have been hearing the apologies, explanations, and promises from the company, but it seems that Facebook is either too vulnerable or maybe too swamped to handle the privacy of its users worldwide.

The news of the most recent breach could not have come at a worse time for Facebook. The company has already been buffeted over the 2018 Cambridge Analytica scandal. And this time the company has suffered a breach of private information from 533 million accounts; even the private credentials of the company’s founder and CEO, Mark Zuckerberg, are part of it.

While this figure is staggering, there’s more to the story than 533 million sets of data.

Before jumping to conclusions, let us rewind and look at the past breaches and scandals of Facebook.

The Past Scandals!

There is a long list of Facebook data breaches, and all of them highlight the need for stricter data protection laws and accountability from the company, not just by paying huge settlements but also by coming up with ways to keep its users’ private information private!

If we look back, in 2007 Facebook released a product called ‘Beacon’, which was designed to help advertisers understand their audiences. This move was meant to monetize users on the platform. Through Beacon, user activity on other websites was added automatically to Facebook user profiles. To demonstrate what it was trying to do, Beacon showed the titles of videos users rented from Blockbuster Video on the Facebook News Feed. However, this was a clear violation of the Video Privacy Protection Act and led to a class-action lawsuit. As part of the settlement, the social media giant had to pay $9.5 million to a fund for privacy and security.

And this was just a start. In 2009, the social media platform publicly published information that was marked private on users’ profiles. An investigation was launched by the Federal Trade Commission, which forced Facebook to apologize to its users. It was also asked to promise better personal data management and protection.

A massive data breach happened in 2013, affecting the data of almost 6 million users. That year the company found a bug that had been exposing the personal information of over 6 million users to unauthorized parties and viewers for about a year. The exposed personal data included email addresses and phone numbers of Facebook users. Anyone who knew even one piece of information could access the data. This technical glitch began in 2012. However, it didn’t come to notice until 2013. Apparently, before publicly announcing the leak, Facebook fixed the bug and reported the breach to those affected and to regulators.

Another massive data breach turned into a scandal in 2014: the Cambridge Analytica scandal. The news about the data misuse was disclosed in 2018 by Christopher Wylie, a former Cambridge Analytica employee, but it actually took place in 2014.

This marked the beginning of Facebook data breaches and the problems it faces with handling personal data.

The Cambridge Analytica scandal is one of the most talked-about Facebook data breaches. The scandal began in 2014 when Cambridge Analytica, a data-driven startup, asked users to fill in reviews on the Turkopticon website (a third-party site for reviews of Amazon’s Mechanical Turk). It was followed by a task by Aleksandr Kogan that asked users to fill in a survey in exchange for money. To fill in the survey, users were asked to download an application (thisisyourdigitallife) to their Facebook accounts.

The app then downloaded a huge amount of personal information, such as the user’s demographic data, likes, friend lists, and some private messages. The app broke Facebook’s terms of service but remained in place till December 2015, by which time information on over 85 million users had been harvested by Cambridge Analytica. The data was later used for marketing-related activities and fake news stories. This data also provided analytical assistance to the 2016 presidential campaigns of Ted Cruz and Donald Trump.

This incident proved that the digital data of Facebook users is not at all in safe hands.

After this, in 2018, the company uncovered a new bug in the social media platform that overrode users’ block lists. In yet another privacy failure, the social media giant admitted that more than 800,000 users were affected by this bug on Facebook and Facebook Messenger.

In 2019, more news surfaced on the internet: Brian Krebs, a cybersecurity expert, reported that the social media company had been storing the passwords of millions of users in plaintext files. These files were accessible to over 2,000 employees of Facebook. The social media company didn’t say why or how it had been saving user passwords in such a manner. Later, it was discovered that the passwords of millions of Instagram users were also saved in the same manner. The total number of affected Instagram and Facebook users is estimated to be at least 600 million. The actual number might be much higher.

In July 2020, the Zuckerberg-led company admitted to sharing user data with about 5,000 third-party app developers, even after the expiry date of the data access authorization. Facebook said that it had fixed the issue; however, a mistake had allowed 5,000 developers to keep receiving user data for longer than the expiry date.

What happened in 2021!

The company was in the news yet again in April 2021, when it was reported that the personal data of more than 533 million Facebook users had been posted on a website to be misused by hackers. This Facebook data breach was reported by Alon Gal, Chief Technology Officer of Hudson Rock.

The data breach exposed a lot of users’ personal information, including full name, date of birth, gender, email address, phone number, Facebook IDs, Facebook bios, location, and job status. The 2021 Facebook data leak included records of 6 million users from India, 11 million Facebook users from the UK and 32 million users from the US.

The company claimed that the hackers obtained user data through data scraping, a process used by people to import data from a website onto a local file that is saved on a computer. The social networking giant also stated in a blog post that the specific issue that allowed this scrape to happen has not existed since 2019.

Really? Can you believe that?

Clearly, in the case of Facebook, criminals can mine Facebook’s systems for users’ personal information by using techniques which automate the process of harvesting data.

On this, Paranjoy Guha Thakurta, a senior journalist and writer, said, “As the Cambridge Analytica episode repeats, Facebook claims it is mindful of protecting the privacy of its users, but the reality is something else. Hackers have been able to infiltrate Facebook’s systems, mined personal data, and presumably sold the data for profit. Whatever Mark Zuckerberg or others may say about how much Facebook respects and protects the privacy of its users, the reality seems quite different. And the most recent incident of the hack that has taken place revealed that Facebook has a long, long way to go before it is able to protect its systems from being misused and abused.”

Where is this data now, and what can it be used for?

We all know the stolen information goes to just one place, the Dark Web. And this information, once obtained from the Dark Web, can be used to send spam emails, make calls, mount phishing campaigns, and target advertising. It can be used to plot and execute various nefarious online fraud schemes. Hackers can impersonate users and transfer cash on their behalf, without their knowledge.

The database of private information is available on the dark web for anyone to sift through. As per reports from the cyber intelligence firm Hudson Rock, this data was being sold to various groups on the cloud-based messaging app Telegram. Recently, the data set seems to be popping up on various hacker forums all across the internet.

On this issue, Rakshit Tondon, a cyber security expert, has said, “Data breaches are becoming a serious concern today, because as we all understand that data is the new gold, data is the new oil, and I think in the last couple of months every second day we are hearing a data breach happening like recently in the news from Facebook, then LinkedIn. And we as consumers, we are trusting these applications and giving all our information, but this really acts as a booster to cybercrimes when these data breaches take place.

Because I have seen a trend whenever these data breaches are taking place, the cybercriminals or hackers get a boost. Because they have hands-on personal information like users’ passwords, and surprisingly we have seen that these companies are not treating passwords as well-encrypted. I have seen places where passwords are stored in the databases as simple text, so that means there are compliance issues there.

Organizations like these must be very proactive about data security. In India, we are still waiting for the Data Protection Law, as we heard under the GDPR these companies are tremendously fined if something like this happens. But here in our country, we are still waiting for the Law to be implemented, and I think it will act as an immunity once it comes out. After this, the companies will become serious about data protection.

There is a lack of Cyber Hygiene, and I think it is high time that all companies look at cybersecurity pro-actively and this ongoing pandemic has at least taught us this much that rather than waiting for something to happen we must act pro-actively. Giving out your personal information is a threat.”

Niti Agarwal, CTO, Locobuzz Solution, has also enlightened us on this issue. She said, “In recent history, we have seen some of the worst data breaches occur around the world, and unfortunately, this is going to continue happening. As companies adopt better ways of securing their servers and customers’ data, hackers are motivated to find more loopholes to gain access to these servers. Frequent security audits and a robust security policy are a need of the hour, but the companies must also look at what kind of security policies or framework the 3rd-party integrator follows. This is critical because the weakest link in the security is the entry door for hackers to get into your system.

Secondly, companies should rely less on people in terms of managing their security keys and other critical information. This is because people can be easily manipulated into giving the information to an unauthorised user. That said, even as a consumer of services we have a responsibility to protect our data. Security and privacy are a combined responsibility of both the consumer and the service provider. The more we take control of it, the better.”

How did Facebook react to this!

We all remember that when the Cambridge Analytica scandal news broke in 2018, Mark Zuckerberg’s initial response was a long and deafening silence, after which he was summoned in front of a Congress committee.

The founder and CEO of Facebook, the man with total control over the world’s largest communications platform, addressed the public and said, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.” And yet we are here!

Since 2018, what has changed is how we see those facts. It was as if we had all moved past it, but the fear of losing private information haunts users every time a new Facebook breach is in the news.

Every time Facebook is in the news because of a data breach, its PR team is engaged in self-defeating arguments over whether what had occurred.

What’s Next?

Almost every company has suffered a big data breach at some point of time, but only Facebook has endured such an existential reckoning. That’s because what happened with Cambridge Analytica was not a matter of Facebook’s systems being infiltrated, but of Facebook’s systems working as designed: data was amassed, data was extracted, and data was exploited.

If you are looking for an answer on what you should do to safeguard your personal information, we have nothing for you. Maybe you should delete your Facebook account!

Another way could be to decide not to share any information that could harm you in the future. Don’t share anything on the platform that you do not want to end up being publicly available. Moreover, enable two-factor authentication for an added layer of security.
