According to a recent security study, Facebook experienced another database breach. This time more than 267 million account records, including mobile numbers, were made available for download on a hacker’s site. Bob Diachenko a security researcher and Comparitech discovered the leak. The criminals in Vietnam who abuse Facebook’s API or an illegal scrapping operation are key suspects in this data hack. It’s not the first time Facebook suffered data breaches, but this one is the biggest of them all. It’s so unfortunate to learn that the firm has not yet recovered from the brutal Cambridge Analytica scandal in which Facebook’s policies aided in the extraction of hundreds of personal data.
Encryption solves the recent data breach epidemic. This ensures that businesses use improved encryption methods to protect their data so that if it’s breached, it’s useless without password decryption. Private data is practically impossible to hack if it uses an encryption password. According to a password strength checker, an easy password like “I love screens ranting” would take a new generation to guess it right. With simple passwords almost impossible to crack, why aren’t organizations safeguarding our data?
Unfortunately, many firms rely on outdated systems and databases that are not encrypted, so transferring millions of account users may cost a fortune. Unfortunately, the upfront expense of switching to a system that can secure data is deterring businesses from upgrading. So at some point, consumers would lose confidence in companies who hesitate to encrypt data, and this might cost them a lot more than the cost of switching to a more secure program.
How did hackers access Facebook’s data?
How hackers got user names and phone numbers is not clear. One explanation is that the data got stolen from Facebook API before the company limited access to sensitive information in 2018. The Facebook API is the key that app developers use to add social context to the application by accessing individual friends list, user profiles, groups, or images. In 2018, restrictions to contact details were available to third-party developers before 2018.
Although there is also speculation that Facebook’s API could have a security flaw that allows hackers to access sensitive personal data.
The last theory states that the data got stolen without the aid of the Facebook API and instead it got scraped from public profile pages.
Scraping of Facebook is when hackers use automated bots that quickly browse through lots of web pages while copying specific data harvested from each page and pasting it into a database. It is a daunting task for Facebook’s administrators to differentiate between an automated bot and a legitimate user. Scraping is a banned practice in Facebook and other social media networks’ terms of service.
Almost everyone who has a Facebook account has had their profile settings set to public visibility. This option gives hackers using these bots a serene time scraping data. So next time you use any social media platform, read the user agreement carefully to make sure that your data is safe.