Data breaches have unfortunately become a common occurrence today. Some breaches have a wide-reaching impact when compared to others, and the latest Facebook data breach definitely falls into this severe category. Much of this impact is because of the growing number of active users on the social media site. According to Statista, Facebook had 2.23 billion active users in the second quarter of 2018. Also, it was the first social media platform to cross a billion users way back in 2012, thereby making it the most popular social media platform in the world.
So, when there is a breach in such a huge network, consequences are obviously big.
What happened?
Here’s a brief timeline of the Facebook data breach: On Sept. 16, a few engineers at Facebook detected unusual activity on their platform and realized that their network was compromised. There was a spike in user activity to the site and this led its engineers to look for potential problems. Finally, the breach was identified and announced to the world on Sept. 25, and immediately Facebook began to fix the vulnerabilities.
It is believed that hackers had unfettered access to more than 50 million records on Facebook, which means, they could see all the private messages, posts, likes, videos, photos, notes, and pretty much all activity of these 50 million users. They even had access to private information such as full name, hometown, gender, date of birth, and possibly even mobile phone numbers in some cases. Besides, the company says that it cannot determine the extent of impact that hackers’ had to third-party accounts that used Facebook login. Facebook did say that it believes no credit card information was stolen in the breach.
In an attempt to curb the impact of this breach, Facebook logged out almost 90 million users on Sept. 27 and these users had to login back again on Sept. 28 to access their accounts. Facebook reiterated that this was an essential process to protect the security of these 90 million people. This included the 50 million accounts that were compromised and another 40 million.
In all, this is a serious breach that could have lasting repercussions for Facebook, its users, and the digital community as a whole.
How did the Facebook data breach happen?
Facebook has not been forthcoming with the details. It is hard to say if Facebook does not have information about the hackers or wants to be tight-lipped about it.
According to an official release, a feature on Facebook called “View as” had a bug and hackers exploited it.
This “View as” feature allows users to see their Facebook account page just as someone else would see it. Hackers somehow used this feature to log in as account holders themselves.
The company’s statement says that this breach was due to three different bugs that compounded the security flaws in the View as feature, thereby opening a gaping hole for hackers to steal information. These bugs surfaced in July 2017 when the company made some changes to its video uploading feature. Last year, the company created a feature to make it easy for users to post “happy birthday” videos, and this feature had some security flaws that eventually led to this breach.
Who did it?
At the time of writing this piece, the company has not given any information on who the hackers are and what they were after.
Thomas Rid, a professor at John Hopkins University, believes that the Facebook data breach was caused by spammers or criminals acting in isolation or in groups. He contends that 50 million random Facebook accounts are not going to interest any intelligence agency.
Weeks before the attack, a Taiwanese hacker named Chang Chi-yuan promised the world that they can see the deletion of Facebook CEO Mark Zuckerberg’s Facebook account live, but Facebook has not confirmed any connection between Chi-yuan’s promise and this breach. Also, experts say that it is hard to trace the attack to any individual if he or she had exploited isolated vulnerabilities and if the attack was a targeted one.
Consequences of this Facebook data breach
Facebook has said so far is that it has reached out to law enforcement, and they are going to take it from here. They have informed the concerned authorities in the United States and Europe about the breach and everyone is into investigating this breach.
But what about the 50 million people whose records were accessed by hackers in this Facebook data breach?
Well, the consequences are more far-reaching that you can imagine. Hundreds of apps and websites use a person’s Facebook login, which means hackers have access to not just the posts and media uploaded on Facebook but also to other apps and sites that use Facebook’s login credentials. In fact, Facebook has confirmed that some accounts on Instagram and WhatsApp are also affected by this breach, as users tend to use the same login details.
How is this possible?
Generally speaking, an access token is a digital key that allows users to stay logged into Facebook, without having to repeatedly log in every time. With this breach, hackers can log into your Instagram, Spotify, or just about anything else for which Facebook’s login was used.
All this means users’ trust is shaken. When a digital behemoth like Facebook cannot control hackers from harvesting the private information of 50 million people, where is safety in the digital world? According to Rohit Chopra, a commissioner of Federal Trade Commission, this attack is not just an invasion of an individual’s privacy, but it also creates enormous risks for the economy and national security as a whole.
What this means for the future
According to Mark Zuckerberg, online security has become an arms race and the company is going to do everything it can to beef up its defenses. In fact, Zuckerberg said that the company will increase the number of people working on security from 10,000 to 20,000. But will this alone prevent another Facebook data breach in the future?
Well, that’s the million dollar question. But for now, it is sure going to be a stressful few days for the 90 million people who were logged out of Facebook!
Also, the company as a whole is facing a difficult few months as they will have to appear before the U.S. congressional committee and will have to submit reports to different agencies about this breach. At a time when the company is already facing privacy issues, this breach is sure to come as a big blow.
This breach can also have an impact on the U.S. midterm elections that are only a few weeks away — if that was the impetus for the cyberattack in the first place.
So, as a user, what can you do from now? Nothing much, really! Unless you want to close down all your social media accounts and digital footprints and go back to the good ol’ pre-Internet days.
In general, though, exercise some caution while using the Internet and take actions like signing up for a free fraud alert or checking your credit score to ensure that your information has not been compromised. Though Facebook doesn’t recommend it, it’s still a good idea to change your password. There is no guarantee that these measures will protect your digital privacy, but it could make it a little more difficult for hackers to access them. More importantly, you’ll know if your information has been hacked.
As a company, Facebook and probably every other company in this sphere should take some serious steps to protect their users’ data if they want to continue to grow and expand. Much innovation is needed in this space because securing a system with 2.2 billion users across the world that connects with thousands of third-party services is not easy. But the ramifications of not securing the data are immense.
Featured image: Pixabay
