Facebook Victims of Breach – It’s Only 30 Million not 50 Million
Do you ever get tired of Facebook always being in the press for what is essentially poor security? If you ask me, what’s the difference between 30 million users and 50 million users? Like 30 million users is an ok number? They have gone on to add ‘only’ 14 million to those who have had their personal information stolen. I ask again, is 14 million users an ok number?
Now here is where it gets interesting. The cybercriminals did this in four, yes four, stages. Facebook said it identified four groups of victims hit in different stages: an initial group of 400,000 users, a second group of 15 million people, a third group of 14 million, and a final group of 1 million.
According to Facebook, the hackers controlled a ‘set of accounts’ and, with an automated technique, used the controlled accounts to move from account to account. The first 400,000 were considered their ‘seed accounts.’ For the 15 million, the hackers accessed information such as timeline posts, lists of friends, and membership groups. I guess they then upped the ante. For the 14 million users, the hackers were able to steal name and contact details, including username, gender, locale, language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches.
For the last 1 million, the hackers were unable to steal anything. Is this when Facebook noticed something was amiss? After 29 million Facebook fans were hacked, did Facebook finally have a brainstorm and realize that the hackers were pretty determined to accomplish their objective? If you believe you were hacked, Facebook does have a help center.
What I don’t understand is why Facebook doesn’t take privacy seriously. A little off the subject: when I was researching this topic, I came across a website that will let you hack anyone’s Facebook account, for free. Really, is it that easy? According to the site, “Getting your friend’s Facebook password is easier than ever. Just give us their profile URL and we give you the password.” I then searched for Facebook hacking, and there are pages of sites that provide this ‘service.’
Not sure it would help in this scenario, but we do have a solution for data discovery and classification. The software will identify any privacy or sensitive information, from any repository. You can even create your own workflows based on phrases, topics, subjects, or concepts, so that when content containing information that should be protected is found, a follow-up action can occur. You can also remediate or redact the content.
For a company the size of Facebook, and with such deep pockets, I don’t understand why privacy information isn’t protected. Personally, I think it’s a lack of corporate character.