Facebook has found itself in the middle of another security nightmare after it was revealed that 50 million user accounts had been compromised. And given the social network’s history of dealing with breaches, this number will probably rise.
Regulators are taking this latest incident extremely seriously. The Irish data authority has opened an official investigation which could result in a fine of up to $1.25 billion for breaching the General Data Protection Regulation law which is designed to protect personal information belonging to EU citizens.
What happened?
According to Facebook, the breach was caused by a coding error in the “See As” feature. Behind the scenes, this feature generates a special digital token, a security system that means you don’t have to keep entering your user name and password. Every time you load a new page on the website, Facebook checks to see if one of these digital tokens exists – if it finds one, you are not asked to log in.
Because of Facebook’s mistake, hackers were able to steal copies of these tokens, which meant that they could log into millions of accounts and steal as much information as they wanted. And because the tokens were “official”, Facebook didn’t even know there was a problem until it was too late.
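The token check described above, as an added example that is not Facebook's code and not part of the original article: it shows why a stolen copy of a valid token is accepted like the owner's, and how a server-side reset stops it working. The signing key, the user name and the per-user counter are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo values: the key, user ids and counter scheme are assumptions,
# not Facebook's implementation.
SERVER_KEY = secrets.token_bytes(32)
token_epoch = {"alice": 1}  # per-user counter; bumping it revokes old tokens


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str) -> str:
    """Issued once, after a successful user name and password login."""
    payload = f"{user}.{token_epoch[user]}"
    return f"{payload}.{_sign(payload)}"


def check_token(token: str):
    """Run on every page load: return the user id, or None to force a login.

    Nothing in the check identifies who is presenting the token, so a stolen
    copy passes exactly like the owner's.
    """
    try:
        user, epoch, sig = token.split(".")
    except ValueError:
        return None  # not in the expected user.epoch.signature shape
    expected = _sign(f"{user}.{epoch}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # forged or tampered token
    if token_epoch.get(user) != int(epoch):
        return None  # token was issued before the last reset
    return user


def revoke_all(user: str) -> None:
    """Server-side reset: every token issued so far stops working."""
    token_epoch[user] += 1
```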
A cultural problem
With 2.2 billion monthly users, Facebook is the largest, and most popular, social network in the world. But the sheer size of the organisation, and the technology that powers it, means complete security is virtually impossible to achieve.
But even though Facebook employs some of the most talented security experts, their cultural attitude towards personal information is a serious flaw. These highly skilled developers should be able to identify and resolve software bugs – but there’s a problem. The entire business model is based on sharing data with advertisers, marketers and other organisations – so easy access to that information is vital.
In fact, anyone willing to pay can have access to your personal data.
It’s not all Facebook’s fault
Perhaps the biggest problem is that as the world’s largest store of personal data, Facebook is a very tempting target for hackers. No matter how talented the programmers are, software bugs are inevitable – and cybercriminals will devote significant time and resources to identifying and exploiting them.
As such, it is inevitable that we will see more hacking and data loss events in future.
Playing your part
You may not be able to fix software bugs, but there are ways to better protect your personal data. First, always ensure that your smartphone apps – Facebook, Facebook Messenger, Instagram – are kept up to date. Every update includes software patches that close the loopholes used by hackers to steal data.
Second, ensure that your computer is kept up to date. Microsoft and Apple both release software updates regularly – so make sure that they are installed as quickly as possible.
Finally, make sure your computers and mobile devices are protected with an anti-malware tool. Anti-malware will automatically identify and block suspicious activity – like hackers trying to steal secure tokens from your devices.
Ready to better protect yourself against the next Facebook breach? Download a free trial of Panda Dome anti-malware protection now.