It has been reported that around 533 million Facebook users were affected by a recent data breach. Enormous as that number is, it may be only the tip of the iceberg.
Facebook has stated that the vulnerability that allowed this information to be scraped was patched in August 2019. However, that does nothing to protect the information that has already been leaked.
The information was freely available for bad actors to access, and the likely consequence is a flood of spear-phishing and social engineering attacks. If these are well targeted, the impact could be considerable.
Commenting on the incident for Digital Journal is Paul Martini, who is the CEO of cloud cybersecurity company iboss.
Martini looks at the Facebook (and related) issues from the business perspective, finding: “Industry research has found that the majority of employers have expressed concerns about how social media poses a cybersecurity risk to their networks.”
People need to be cognizant of the amount of information they hand over to social media firms and question whether they need to provide quite so much. In the wrong hands, the data enables a rogue actor to assemble a digital portrait of the social media user.
Martini taps into this concern, especially with billions of social media users: “While most people consider these platforms as a way to connect or reconnect with friends and family, they hold a lot of personal information about each user. In the wrong hands, this information can have far-reaching impacts at organizations of all sizes, both in the public and private sectors.”
The data of most concern is a mix of “Phone numbers, email addresses and other personally identifiable information.” This means people need to be careful about the types of data they share with a social media company.
Once assembled, Martini says, the rich data “found on these sites are a gold mine for threat actors looking to launch spear-phishing or other social engineering campaigns.”
In terms of what businesses should do in response, Martini says: “Organizations should take this as an opportunity to remind their teams about cyber hygiene best practices, such as changing passwords frequently and taking extreme caution before clicking any link in an email.”