(Another) Facebook privacy breach:
Keep your data safe
The blue-and-white "f" logo is inescapable, ubiquitous in online, print, and digital advertising. Facebook is an essential tool in most organizations' marketing and communications kits, for good reason.
Over two-thirds of adult Americans use Facebook, making it the most utilized social media platform (second only to YouTube, which almost three-fourths of adults in the US use). Around half of those Facebook members changed their privacy settings in the year before a survey conducted in May and June of 2018.
Following revelations about a series of user data exposures, public trust in Facebook has plummeted. March 2018 reporting that the data of at least 87 million Facebook users had been collected by Cambridge Analytica without user permission led to a 66% drop in public trust in the social media giant. The news in June that Facebook shared data on Facebook users and their friends with numerous cellphone makers continued to erode faith in Facebook's commitment to privacy protection.
The latest security concern
Then, in September 2018, another bomb dropped: a vulnerability in the "View as" feature in Facebook, paired with a few other security flaws, had exposed the data of as many as 50 million users, a number later dialed back to 29 million. Facebook forced 90 million users to log back in to their accounts after announcing the security flaw, including 40 million people who had merely used the "View as" feature since the vulnerability began to be actively exploited in July 2017.
The "View as" feature lets a user see how their profile appears to other users or to the public. The bug that hackers exploited inadvertently exposed the Facebook security tokens that allow mobile users to log into their account without re-entering their password. The "View as" bug gave hackers access to these digital "keys," allowing malicious third-party apps full access to user accounts.
According to Facebook's own security update on the September 2018 security breach:
- For 15 million people, attackers accessed name and contact details (phone number, email, or both, depending on what people had on their profiles).
- For 14 million people, the attackers accessed not only that information but also other details people had on their profiles: username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.
Despite plummeting trust in the platform, Facebook's active monthly user numbers have stayed relatively steady at 2.23 billion. Regardless of how wary they might be about its motives and priorities regarding privacy, users can't quit Facebook.
That might be good for your company's social media marketing strategy, but it should raise concerns about steps you, your employees and your clients should take in the wake of the latest breach. Specifically regarding the September 2018 "View as" data exposure, you can see whether your account was hacked and what information may have been seen by going to Facebook's Help Center security notice and scrolling to the bottom of the page. If you see the following message, Facebook suspects or knows your account was affected.
While Facebook says that access tokens were reset in late September and that they don't believe passwords were stolen, it's a good idea in general to change passwords regularly. And since sensitive data including, but not limited to, usernames, phone and email contact information, and birthdates may have been revealed, your two-factor authentication might be compromised.
Go now to your Facebook Security and Login Settings and
- Change your password
- Change your method of two-factor authentication, whether by text message (SMS) or third-party authentication app.
Additionally, the FTC advises watching out for imposter scams:
With access to your Facebook account, hackers can get a lot of information about you. That information could be used to impersonate people you know or companies you do business with. If someone calls you out of the blue, asking for money or personal information, hang up. Then, if you want to know for sure if the person calling you was really your family member or was really from a company you know and trust, call them back at a number you know to be correct before you give any information or money. And remember: anyone who demands that you pay by gift card or by wiring money is scamming you. Always.
To learn more about keeping your data and identity (and that of your company, your customers and your employees) safe, call ELBO Computing Resources at 605-361-3720.