It has been evident throughout 2018 that Facebook have been facing mounting criticism, take for example the Cambridge Analytica file scandal or most recently, OFCOM’s Sharon White’s push for stricter social media regulations. A discovery by Facebook engineers on the 25thof September has accentuated the issues facing the multi-million pound company as it became apparent that there was unusual login activity on the site, of which led to the discovery of at least fifty million users accounts being hacked. Whilst all users of the social media platform will find this news unnerving, Facebook’s Vice President of Global Marketing Solutions, Carolyn Everson, stated during Advertising Week that it was a “significant culture shift” for the company and finding the hack showed positive improvements in their security. Although admirable to highlight the progression it represents, it does not disregard that the improvements made to their security is explicitly, not enough.
Further developments on the cyber attack have suggested the hackers utilised vulnerabilities within the platforms ‘View As’ feature, which required the hackers to understand three different types of bugs, enabling them to take control of millions of users data. The access to this data included ‘tokens’ that are used to identify users, making it easier for them to log into other popular apps. For example, linking Facebook with Instagram and Twitter. These unique set of numbers meant that the hackers gained potential access to millions of third-party apps through automated log in credentials. Facebook took action by resetting the log ins of the fifty million accounts affected and a precautionary forty million other accounts to block the hackers out; whilst this may be affective for the core Facebook platform it does not confirm the security of the third-party programmes. Facebook released a statement announcing no evidence had been found to suggest that the hackers had accessed any third-party apps, but according to Business Insider, they have begun to warn it’s business customers about the data breach.
A mere few days after what is believed to be the biggest attack to occur on Facebook, research by The Independent has shockingly uncovered that some of those who were hacked now have their accounts for sale on the dark web. The consequence of these accounts being purchased increases the possibility of identity theft and blackmail.
It is not yet apparent what steps Facebook will take to handle the repercussions if these concerns materialise. At current, it falls into the hands of the account owners to consider their knowledge of cyber security. Are tokens being used to link accounts? Are passwords legitimately safe, or merely enough to be considered ‘strong’ when creating a new account and is all sensitive data being secured as best as possible? Cyber security is becoming increasingly important as the internet continues to develop; with new aspects being created every day it is crucial to recognise that as our online sphere grows and we place more of our life into the digital world, that cyber security must develop with this. Whilst it has in many ways, it has concurrently been proven that it is not adequate to protect internet users from attacks – with Facebook’s latest scandals bolstering this point.