Daily Bulletin

News

  • Written by Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan University

Over the long weekend reports emerged of an alleged data breach, impacting half a billion Facebook users from 106 countries.

And while this figure is staggering, there’s more to the story than 533 million sets of data. This breach once again highlights how many of the systems we use aren’t designed to adequately protect our information from cyber criminals.

Nor is it always straightforward to figure out whether your data have been compromised in a breach or not.

What happened?

More than 500 million Facebook users’ details were published online on an underground website used by cyber criminals.

It quickly became clear this was not a new data breach, but an older one which had come back to haunt Facebook and the millions of users whose data are now available to purchase online.

The data breach is believed to relate to a vulnerability which Facebook reportedly fixed in August of 2019. While the exact source of the data can’t be verified, it was likely acquired through the misuse of legitimate functions in the Facebook systems.

Such misuses can occur when a seemingly innocent feature of a website is used for an unexpected purpose by attackers, as was the case with a PayID attack in 2019.

Facebook data breach: what happened and why it's hard to know if your data was leaked Chief technology officer of cybercrime intelligence firm Hudson Rock, Alon Gal, discovered the leaked database, posting screenshots on Twitter. Twitter

Read more: PayID data breaches show Australia's banks need to be more vigilant to hacking

In the case of Facebook, criminals can mine Facebook’s systems for users’ personal information by using techniques which automate the process of harvesting data.

This may sound familiar. In 2018 Facebook was reeling from the Cambridge Analytica scandal. This too was not a hacking incident, but a misuse of a perfectly legitimate function of the Facebook platform.

While the data were initially obtained legitimately — as least, as far as Facebook’s rules were concerned — it was then passed on to a third party without the appropriate consent from users.

Read more: We need to talk about the data we give freely of ourselves online and why it's useful

Were you targeted?

There’s no easy way to determine if your details were breached in the recent leak. If the website concerned is acting in your best interest, you should at least receive a notification. But this isn’t guaranteed.

Even a tech-savvy user would be limited to hunting for the leaked data themselves on underground websites.

The data being sold online contain plenty of key information. According to haveibeenpwned.com, most of the records include names and genders, with many also including dates of birth, location, relationship status and employer.

Although, it has been reported only a small proportion of the stolen data contained a valid email address (about 2.5 million records).

This is important since a user’s data are less valuable without the corresponding email address. It’s the combination of date of birth, name, phone number and email which provides a useful starting point for identity theft and exploitation.

If you’re not sure why these details would be valuable to a criminal, think about how you confirm your identity over the phone with your bank, or how you last reset a password on a website.

Haveibeenpwned.com creator and web security expert Troy Hunt has said a secondary use for the data could be to enhance phishing and SMS-based spam attacks.

How to protect yourself

Given the nature of the leak, there is very little Facebook users could have done proactively to protect themselves from this breach. As the attack targeted Facebook’s systems, the responsibility for securing the data lies entirely with Facebook.

On an individual level, while you can opt to withdraw from the platform, for many this isn’t a simple option. That said, there are certain changes you can make to your social media behaviours to help reduce your risk from data breaches.

1) Ask yourself if you need to share all your information with Facebook

There are some bits of information we inevitably have to forfeit in exchange for using Facebook, including mobile numbers for new accounts (as a security measure, ironically). But there are plenty of details you can withhold to retain a modicum of control over your data.

2) Think about what you share

Apart from the leak being reported, there are plenty of other ways to harvest user data from Facebook. If you use a fake birth date on your account, you should also avoid posting birthday party photos on the real day. Even our seemingly innocent photos can reveal sensitive information.

3) Avoid using Facebook to sign in to other websites

Although the “sign-in with Facebook” feature is potentially time-saving (and reduces the number of accounts you have to maintain), it also increases potential risk to you — especially if the site you’re signing into isn’t a trusted one. If your Facebook account is compromised, the attacker will have automatic access to all the linked websites.

4) Use unique passwords

Always use a different password for each online account, even if it is a pain. Installing a password manager will help with this (and this is how I have more than 400 different passwords). While it won’t stop your data from ever being stolen, if your password for a site is leaked it will only work for that one site.

If you really want a scare, you can always download a copy of all the data Facebook has on you. This is useful if you’re considering leaving the platform and want a copy of your data before closing your account.

Read more: New evidence shows half of Australians have ditched social media at some point, but millennials lag behind

Authors: Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan University

Read more https://theconversation.com/facebook-data-breach-what-happened-and-why-its-hard-to-know-if-your-data-was-leaked-158417

Writers Wanted

Demand in Birtinya surges, Cube Development sells out

arrow_forward

What you should know about android incentive installs

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister Scott Morrison delivered Keynote Address at AFR Business Summit

Well, thank you all for the opportunity to come and be with you here today. Can I also acknowledge the Gadigal people, the Eora Nation, the elders past and present and future. Can I also acknowled...

Scott Morrison - avatar Scott Morrison

Morrison Government commits record $9B to social security safety net

The Morrison Government is enhancing our social security safety net by increasing support for unemployed Australians while strengthening their obligations to search for work.   From March the ...

Scott Morrison - avatar Scott Morrison

Ray Hadley's interview with Scott Morrison

RAY HADLEY: Prime Minister, good morning.    PRIME MINISTER: G’day Ray.   HADLEY: I was just referring to this story from the Courier Mail, which you’ve probably caught up with today about t...

Ray Hadley & Scott Morrison - avatar Ray Hadley & Scott Morrison

Business News

Expert guide on health and safety when your ‘workplace’ is the road

The boom in ridesharing, food delivery and parcel delivery services has seen more cars on the road for work purposes. In 2020, online retail sales were up 63 per cent,[1] and food delivery service...

The Ideas Suite - avatar The Ideas Suite

Step by Step Moving Guide for Moving an Office

Compromising office hours, carrying bulk equipment, moving sensitive files — office relocation is no cakewalk. There is so much to do when you want to relocate your office. Aside from the major tas...

News Co - avatar News Co

5 Effective Employee Retention Strategies You Can Apply to Your Organization

Your employees are the lifeblood of your organization. No matter how great you think your company is, without the right talents to keep your business up and running, all your efforts to rise above...

News Co Media - avatar News Co Media