Facebook attributes the data breach, which has affected 50 million people on the social network and has required 90 million users to change their passwords, to a vulnerability in Facebook’s “view as” feature. This functionality enables people to see what their profiles look like to other people. It is thought that attackers exploited code associated with the feature and were able to steal “access tokens”, which could then be used to take over people’s accounts.
The Facebook security breach is of significance due to the size of the social media network. According to Scott Grissom from LegalShield, in conversation with Digital Journal: “In a world where personal data are obtained and shared nefariously from different sources every day, there is perhaps no more widespread social sharing platform than Facebook.” LegalShield is a corporation that sells legal service products through multi-level marketing in the U.S. and Canada.
Grissom notes that although Facebook has closed the loophole, it has not stated what the consequences are: “While Facebook says it has acted to close the window the hackers used to obtain account permissions (or “access tokens”), it is not known what information if any was taken and possibly misused.”
This is worrying, given what could happen to the data, Grissom explains. “While Facebook data are different from sensitive financial information related to credit cards or bank accounts, the data potentially contain a significant amount of personally identifiable information (PII) that can be pieced together to form a profile that can then be used fraudulently.”
He adds: “Depending on how much information a Facebook user included in their profile, this could include dates of birth, phone numbers, home addresses, maiden name, and of course information on with which people or groups the member associates.”
Grissom thinks that in such cases a speedy response by a corporation is critical: “These days, with data breaches continuing to occur, being alerted quickly to possible fraud related to the trading of this information can be critical in stemming any damage to one’s finances, including banking and credit accounts.”
As to what needs to happen in the case of Facebook and other high-profile examples to prevent and to address such hacks, Grissom recommends: “Only comprehensive monitoring, consultation, and ultimately identity restoration can deliver peace of mind in the case of this and other massive data breaches.”