Would It Kill Facebook to be Secure?

FB commits another egregious breach of privacy

So Facebook once again proved that your data is disposable to them, and that an enormous internet company can’t follow basic security protocols. I don’t generally quote so much directly, but the folks at Technology Review posted the most concise account of Facebook’s latest security breach, and I wanted my subscribers to have the best version of this information.

So what happened?

“The news: A security researcher discovered a database pulled from Facebook that contained over 419 million phone numbers. The data included Facebook IDs and in some cases names, genders, and countries. Because the server hosting the database wasn’t password-protected, anyone could find and access it… It’s unclear who pulled the information from Facebook’s systems or why, but presumably it must have been an employee to have that level of access.

Who was affected? The exposed server included 133 million records from US-based Facebook users and 18 million UK users. Another had over 50 million records from users in Vietnam. Unfortunately, there is currently no way to check if your data was among the leaked records.

History repeats itself: Facebook has been involved in so many data leaks it’s almost hard to keep count. In March this year, it turned out the company had been storing up to 600 million users’ passwords insecurely since 2012. Days later, we discovered that half a billion Facebook records had been left exposed on the public internet. 

The granddaddy of them all: The Cambridge Analytica scandal led to a $5 billion fine from the Federal Trade Commission in July, along with a stipulation that top executives will have to attest that the company has protected privacy. We will see what action, if any, is taken in light of this latest leak.” - Technology Review

I am always talking to practices about making sure they have two-factor authentication and secure, varied passwords. I regularly recommend a service like LastPass as a password vault. When companies as big and ubiquitous as FB can’t keep your data safe, you need to be extra vigilant.

Stay safe out there!

Oops! They Did It Again

Facebook blows it on security – again!

Yesterday Facebook announced that it has improperly stored millions of user account passwords.  They were stored as “plain text” and were readable by more than 20,000 FB employees.

Once again, Facebook betrays users’ trust

Although FB claims they have seen no evidence of abuse, they have proven several times in the past year that they cannot be trusted with our data despite publicly claiming that protecting it is their first priority. An audit of FB records revealed that 2000 engineers and developers at FB had made 9 MILLION queries that included plain-text user passwords.

Here’s what you need to know and do.

  • There is no easy way to know if someone had access to your account
  • Change your password – including on any sites where you use “login with FB”
  • Set up your FB account to receive alerts when an unrecognized device logs into your account: go to Settings, Security and Login, Get Alerts
  • From that same Login page you can access “Where you’re logged in” to verify any devices that are logged in and their locations – if one isn’t you, hit “remove”

We tech nerds say it all the time, but please, make sure you use different passwords for different accounts.  If you don’t, the scary example is that anyone who could read your plain text password could then use it to log in to any other account where you used it – because let’s face it, FB knows what you like and where you spend your time.

Consider using a password manager like LastPass to store, generate, and most importantly, encrypt your passwords.  If LastPass is right for you, you can use WorkingCat’s link to get your first month free by clicking here:  https://lastpass.com/f?955046

Stay safe out there!