A few days ago I found myself reading about Timothy Berners-Lee’s new decentralized web startup, Inrupt. The timing couldn’t have been better – only a few days after the huge Facebook data breach was announced. It’s as if TimBL himself had planned the coordinated attack, affecting at least 50 million Facebook users. This breach is a great microcosm – it perfectly demonstrates the problem with the current iteration of the internet.

Facebook has had a bad year-and-a-half, with at least 3 scandals shaking the tech giant to its core. First it was the “fake news” scandal, then came word (and video) about Cambridge Analytica, and now, hopefully, to end the year, we hear that millions of users were put in jeopardy when the Facebook breach exposed their ‘names, email addresses, recovery email accounts, telephone numbers, birthdates, passwords, and security question answers’ to hackers. Quite the identity theft starter kit!

The Facebook data breach: what do we know?

At the moment, not much is known about this Facebook data breach – investigations into these things take time and patience. However, Facebook’s much-maligned CEO Mark Zuckerberg and others familiar with the situation paint the following picture:

  • The principal point of attack was Facebook’s “View As” feature, which had several vulnerabilities. As some of you may know, this feature was originally introduced precisely as a privacy tool, allowing users to view their profile as others (even those not in their friend list) would see it. The irony is a bit much, but here we are…
  • More than one vulnerability had to be exploited in sequence in order for hackers to gain access. Furthermore, the loopholes were previously unknown. In combination, this makes the Facebook data breach a rather sophisticated effort.
  • Attackers may have taken control of at least some accounts.
  • After gaining control of these Facebook accounts, attackers could have accessed linked services, such as Spotify, Instagram, and a whole host of others.

Protecting yourself from this and other Facebook breaches

Aside from hoping that governments in the US and Europe will fine Facebook into oblivion, what can you do to protect yourself now and in the future?

Well, first of all, we urge you to change all the passwords linked to your Facebook account – including those of email addresses. This is especially relevant if you were unexpectedly disconnected from Facebook recently (approximately 90 million users were logged out by Facebook as a precaution).

Secondly, don’t use your Facebook account to log into other services, because a Facebook security breach like this one can trigger a domino effect, compromising a lot more than just your FB.

And, finally, use one of the best VPN services and invest in a decentralized internet!

We’ll keep you informed as the story unfolds.