In a recent scandal concerning personal data, Facebook has suffered yet another data breach. Facebook is beginning to follow a disturbing pattern of data hacks leading to millions of users having their personal information extracted by hackers and leaked into the public. In the most recent attack, in 106 countries 533 million Facebook user's personal information was hacked. This included cell phone numbers, birthdates, and locations that have been leaked to the public. The breach is supposedly linked to a vulnerability that was said to have been “patched” in 2019. The chief technology officer of the cybercrime intelligence firm Hudson Rock, Alon Gal, mentioned that while the data has already been leaked, Facebook cannot do much to help. They can only further remind users to watch out for phishing and scams.
In review of this event, I find many issues.
The prominent issue of personal information, including details of location and birthdate, being easily hacked is the main problem. While personal information being hacked is not a new concept, the scope of this data breach is far reaching. The private security laws that have been broken among the 106 countries affected must be extensive, especially considering the highly restrictive laws in the European Union.
Laws and restrictions progress into the second issue of Facebook recognizing the vulnerability a couple years ago due to scraping capabilities that were in violation of its terms and services. This knowledge leads me to the question, if the problem happened before and appropriate measures were said to have been put into place, why did it happen again? Obviously, measures were not taken far enough for one of the company's largest breaches to have happened after supposedly sufficient measures were put into place to fix the issue. The track record of data breaches on Facebook makes me question the integrity of the company and ability to keep their customers information safe. I would personally begin to question my value and relationship with the company after so many failures.
Lastly, I find it interesting that Gal would suggest that the company merely remind the users to be cognizant of phishing schemes rather than encourage the company to reassess their insufficient security measures. While it is important for users to be aware of what corrupt links and posts may look like, I believe the main problem lies within the values and technology of the company itself. I do not find the responsibility to lie on the customers who entrust their personal information to a company. The company, Facebook, should take the time to protect and defend against attacks on their users.
I find that throughout the years Facebook has proven itself to not take the responsibility of its users' private information seriously. For continuous hacks to keep affecting millions around the world, the appropriate measures are clearly not being taken. Perhaps the company should start hiring hackers to try to purposefully break into the company and work together to find an effective solution.
Source: https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4
This seems to be a reoccurring theme with Facebook. I wrote my blog on what to do when your data is hacked and the article mentioned the Facebook data breach. The users that had their data stolen are going to need to change their email addresses, passwords, and possibly phone numbers. It is unfortunate that Facebook can get away with just telling people that they need to watch out for scams themselves. This is especially frustrating since Facebook’s users give them data that is required to use their services and users should be able to trust Facebook to keep that data safe. I was unaware of how many privacy laws were broken. I have heard a lot about the data breach, but I have not heard about any repercussions or potential punishment that Facebook is facing.
ReplyDeleteIt is known that Facebook has had many data security problems over the years and a company as big as Facebook should have the resources and ability to provide quality data protection. I agree with you that Facebook has not done enough over the years to solve these issues. They obviously know that they have a weakness when it comes to database security. They do not acknowledge how serious of an issue this is when they continue to face security problems. They are not doing enough to protect the data of their users. When this data is in the wrong hands, it could potentially be used to harm the user’s whose data has been stolen. It seems as if Facebook has so much power that they know they will still be fine even with these data issues. They are not taking the proper stance on the issue when they respond by saying that there is nothing Facebook can do. It is unacceptable that they would put the responsibility completely on the user by saying that they need to keep an eye out for phishing. I completely agree with you that they need to put an emphasis on data security.
It would be one thing if this data breach involved behavioral and non-specific data, but this involves very personal and sensitive information. This information can be used by criminals to commit more crimes and scams. The data can be distributed among criminals which could potentially lead to many issues for users whose data was hacked if they are not very careful. A social media account should not come with this much of a risk. Facebook is not doing what it needs to do in order keep data safe and they are not being held accountable.