4 Important Cybersecurity Lessons From Facebook’s Recent Data Breach


    The news of Facebook’s data breach that affected more than 50 million users is still fresh in our minds. I believe it’s right to conclude that that was the most publicized data compromise in recent times. There are a number of reasons why the Facebook/Cambridge Analytica security breach attracted so much attention.

    For one, Facebook happens to be the biggest company in the world collecting personally identifiable information. So such a massive breach of users’ data was bound to raise a whole lot of alarms. Secondly, people are becoming more conscious of their privacy online. As cybercrime cases rise in record numbers, everyone wants to ensure that their data is not compromised in any way. This is especially so when that data is sensitive information such as financial details.

    It is easy to trust a company like Facebook to safeguard your information. But what most people don’t understand is that Facebook actually shares this information with a lot of third-party companies. Cambridge Analytica was just one of them, but it is NOT the only one. There are a lot of apps, for instance, that use your Facebook information to engage you. A good example is the recent upsurge of ‘Quiz Apps’. These are applications that use your Facebook information to provide answers to questions, mostly for fun. For example, they can tell which of your friends will play what role in your wedding or funeral.

    From the onset, it should be very clear that your information is being accessed. But sadly, many users seem oblivious to this. Although the quizzes and games can be fun, we should be conscious of the fact that our personal information might be used for other purposes beyond providing answers. Do we know what else these apps use our personal information and that of our friends for?

    That is why the Facebook data breach should not only be another hot news item for the mainstream media. We need to think about how these kinds of breaches endanger our personal information and, more importantly, what lessons we can learn from them. What does it tell us about our privacy online? Just how much information should we provide on social media platforms?

    Here are 4 important lessons we can learn from the recent Facebook/Cambridge Analytica data breach.

    1. We should be wary of third-party apps

    Like I mentioned above, companies like Facebook are tolerating data integration with third-party applications. Although these should not be a security threat per se, it is important to look at the kind of information these applications will have access to. Each third-party app will have access to different kinds of information, and before you integrate them with your Facebook account, you should understand exactly what kind of information you are giving away.

    You see, Facebook can, to some extent, be trusted to take care of your data. But when you share your information with third-party applications you compromise your privacy. One thing you should keep in mind, however, is that these apps mostly use our Facebook information to make our experience and service delivery better. So we cannot entirely do away with them. And as long as the data they have access to is not exceedingly sensitive, there is no reason we shouldn’t use them.

    2. Cybercriminals are evolving and becoming more organized

    As cybersecurity technology evolves, so do cybercriminals. They are doing everything they can to ensure that they are not entirely phased out. So even as we develop more robust security software, cybercriminals come up with new techniques to attack it.

    This is no longer a case of one geek in a room using some software on his laptop to attack company servers. Cybercriminals are becoming more organized. They do not attack random companies for fun and self-gratification anymore. They now work as groups, even organizations, backed by powerful figures in government institutions and companies.

    When they launch an attack, they know exactly what they want, how they are going to get it and what software tools they will be using. So as companies invest in more sophisticated systems, cybercriminals are equally refurbishing their techniques.

    What does this mean? We need to rethink our software development processes. We have to focus beyond functional effectiveness and invest more in Quality Assurance testing. The software might be robust, but a simple oversight can cost a big company its reputation and unimaginable capital loss. People in charge of data security have to think like cybercriminals and eliminate any loopholes that might be used to launch attacks.

    3. High-profile companies are now targets

    In the past, cybercriminals only focused on easy targets, usually small to medium size businesses with flimsy security systems. In fact, the US Congressional Small Business Committee estimates that SMBs make up 71% of all cyber-attack victims. What is more, the 2016 State of SMB CyberSecurity Report by Ponemon and @Keeper revealed that 50% of SMBs had suffered security breaches in 2015.

    However, as cybercriminals become more organized and advanced, their focus seems to be shifting to the bigger fish in the internet market. The attack on Facebook is proof enough that even complex security systems are now vulnerable to attacks. In fact, the Facebook/Cambridge Analytica incident was not the first attack on Facebook. Other high-profile companies have been attacked in the same way and user data misused.

    4. A company will always be held responsible for data breaches

    There is no way around it. If you are in charge of data, you will be the one responsible for answering questions if that data gets leaked. Everyone will be pointing their fingers at you, even your shareholders.

    It is, therefore, important as a company that you own up when a data breach occurs and provide the way forward. Going on the offensive will only worsen the situation and cause more panic. You will literally be telling people that you have no idea what is going on in your own company and are not confident enough to take care of data.

    Before you know it, subscriber numbers will be plummeting and shareholders will begin pulling away. Owning up shows that you are confident in your ability to bring the situation under control.

    Last week, Facebook confirmed that hundreds of millions of user passwords were being stored in a readable format within their servers, accessible to internal Facebook employees. Facebook said the problem was internal. They said these passwords were never visible to anyone outside of Facebook, and that to date the company has not found evidence that anyone abused them internally or accessed them inappropriately. Interestingly, the researcher Brian Krebs issued his own report, and Krebs paints a different story. Although Krebs stressed that he had no information that Facebook employees had abused their ability to read user passwords, a source told him that employees created applications that recorded the passwords of Facebook users without encryption, and that they were stored in plain text on the company’s internal servers. In total, between 200 and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees, dating back to 2012.

    Facebook has already had to deal with scandals that include the aftermath of a terrorist attack on a Christchurch mosque in New Zealand that was streamed on Facebook Live, and changes to its advertising policies to prevent discrimination in housing and credit advertising.

    Facebook adds one security lapse after another and is again in the spotlight. This could be a new chapter that undermines the efforts of the company led by Mark Zuckerberg to strengthen the security of the platform and gain the trust of users and authorities.
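The post above describes two distinct failures: credentials written out by internal tooling, and a store that any employee with read access could search. The example below is added here and is not code from the thread or from Facebook; it is a constructed illustration of why a salted, memory-hard hash (scrypt from Python's standard library, with assumed cost parameters) removes the second failure even when insiders can read the whole record, and of a log-scrubbing check that addresses the first. The user names, passwords and the in-memory user table are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed in-memory stand-in for a server-side credential store.
# Each value is either a plaintext record ({"password": ...}) or a
# hashed record ({"kdf": ..., "salt": ..., "digest": ...}).
USERS: Dict[str, dict] = {}

# Assumed scrypt cost parameters (not from the thread): N=2**14, r=8, p=1
# needs 128*N*r = 16 MiB per hash, which stays under hashlib's default limit.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32


def store_plaintext(username: str, password: str) -> None:
    """The failure mode: whoever can read the store can read the password."""
    USERS[username] = {"password": password}


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Derive a salted scrypt digest; a fresh random salt per user by default."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return {"kdf": "scrypt", "salt": salt, "digest": digest}


def store_hashed(username: str, password: str) -> None:
    USERS[username] = hash_password(password)


def verify(username: str, password: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    rec = USERS.get(username)
    if rec is None or rec.get("kdf") != "scrypt":
        return False  # unknown user or a record that was never hashed
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=rec["salt"],
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return hmac.compare_digest(candidate, rec["digest"])


def searchable_passwords() -> List[str]:
    """What an insider with read access to the store can recover directly."""
    return [rec["password"] for rec in USERS.values() if "password" in rec]


# Field names an internal tool must never write to a log line (assumed list).
SECRET_FIELDS = {"password", "passwd", "pwd", "token", "secret"}


def scrub_for_log(event: dict) -> dict:
    """Return a copy of a request/event dict with credential fields redacted,
    so diagnostic logging cannot become a plaintext password archive."""
    return {k: ("[REDACTED]" if k.lower() in SECRET_FIELDS else v)
            for k, v in event.items()}


if __name__ == "__main__":
    store_plaintext("alice", "hunter2")          # the way the post describes
    store_hashed("bob", "correct horse battery")  # the hardened alternative
    print("recoverable by an insider:", searchable_passwords())
    print("bob login ok:", verify("bob", "correct horse battery"))
    print("bob wrong pw:", verify("bob", "wrong"))
    print(scrub_for_log({"user": "bob", "password": "correct horse battery"}))
```

Two design points matter here. The salt is stored next to the digest because its job is only to force a separate brute-force effort per user, not to be secret; what protects the password is the memory-hard cost of scrypt. And `verify` rejects a record that was never hashed rather than falling back to a plaintext comparison, so a migration that leaves legacy plaintext rows behind fails closed instead of silently keeping them usable.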


    This article goes to prove what I have been preaching to my friends for so long, all to no avail, as my words of caution fall on deaf ears. Entrusting companies that one is not involved with personally is just foolish, no matter how large or prolific the company. It is basically going out on a limb, all the while hoping that limb doesn’t get hacked off. Facebook has been proven to use social engineering methods that are morally questionable, and the fact that it shares its users’ information around in such a cavalier fashion is frankly quite worrying. This is why I have taken the healthiest approach possible to social media, which is not using it in any way whatsoever! No Facebook, Instagram, Twitter, Tinder or any other of these nonsense accounts people make to pass time and endanger themselves. There are a million more constructive things for one to do with their time.


    The notion of even trusting a word that Facebook says is ludicrous. It is clear as day that they hoard all of our information and try to manipulate our behaviour through social engineering. The only person responsible for you and your data is yourself. Companies may be held responsible, yet they don’t conduct themselves thus. Hence we must strive to be informed and well prepared before being online, or avoid being online at all.


    NolanReese, I absolutely agree with you. There is no way to trust massive tech companies like Facebook to safeguard our information. For Christ’s sake, they are using it themselves in grand social engineering schemes with the intention of manipulating public opinion to their benefit! What we truly must do is arm ourselves with information, with which we would be able to manoeuvre the murky waters of online information and cybersecurity.
