Monday, December 10, 2018

All about Facebook data breach

Privacy Issues of Facebook

In 2018, Facebook (FB) received severe criticism over a major data breach. The company's chief, Mark Zuckerberg, was asked to testify before the U.S. Congress about a major data breach or leak of private user information. Mark admitted the company made mistakes that led to private data being shared with a third-party firm, a British research company.

In its own post, FB clearly stated that the attackers controlled a set of accounts with access to a lot of personally identifiable information (PII).

They used an automated technique to move from account to account so they could steal the access tokens of those accounts' friends, then of friends of those friends, and so on across multiple profiles. In total, they were able to steal information about 400,000 people. In the process, this technique automatically loaded those accounts' FB profiles, mirroring what these 400,000 people would have seen when looking at their own profiles, much like the "View As" button we sometimes use.

That includes posts on their timelines, their lists of friends, Groups they are members of, and the names of recent Messenger conversations. Message content was not available to the attackers, with one exception: if a person in this group was a Page admin whose Page had received a message from someone on Facebook, the content of that message was available to the attackers.

The attackers used a portion of these 400,000 people's lists of friends to steal access tokens for about 30 million people. For 15 million people, attackers accessed two sets of information: name and contact details (phone number, email, or both, depending on what people had on their profiles).

For 14 million people, the attackers accessed the same two sets of information, as well as other details they had on their profiles. This included username, gender, language, relationship status, religion, hometown, self-reported current city, birth date, device types used to access FB, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.

The breach comes as FB has been struggling to crack down on data misuse and privacy issues on its platform, particularly since the Cambridge Analytica scandal that broke out in March.

FB later fixed that vulnerability.

Other things to know:

Access Token: Access tokens are used in token-based authentication to allow an application to access an API. An access token is a string that identifies a user, app or page.

API: Application Programming Interfaces (APIs) give operators the opportunity to customize their applications and let two applications talk to each other (integrate). Every time we use applications such as Facebook or send messages using Messenger, we are using an API.

PII: Personally identifiable information is information by which a person can be identified or contacted, such as name, address, date of birth, vehicle number, full-face photo, biometric data, account number, Social Security number, Aadhaar number, mobile number, etc.
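
To make the access token definition above concrete, here is an added example (not from the original post and not Facebook's code) of a server issuing and checking a signed token. The key, function names and token layout are assumptions for illustration; it shows that the API treats whoever presents the string as the user, which is why a service needs expiry and server-side revocation.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = b"constructed-demo-key"  # constructed value; a real service keeps its key secret
REVOKED = set()                        # token ids the server has invalidated

def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(user_id, ttl=3600, now=None):
    """Return an opaque string that identifies user_id to the API."""
    now = time.time() if now is None else now
    claims = {"uid": user_id, "exp": now + ttl, "jti": secrets.token_hex(8)}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{payload}.{_sign(payload)}"

def verify_token(token, now=None):
    """Return the claims if the token is authentic, unexpired and not revoked, else None."""
    now = time.time() if now is None else now
    payload, _, sig = token.rpartition(".")
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None  # signature mismatch: forged or altered token
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims["exp"] <= now or claims["jti"] in REVOKED:
        return None  # expired, or invalidated by the server
    return claims

def api_get_profile(token, now=None):
    """Hypothetical endpoint: it sees only the token, never who is holding it."""
    claims = verify_token(token, now)
    if claims is None:
        return {"status": 401}
    return {"status": 200, "profile_of": claims["uid"]}

def revoke(token, now=None):
    """Invalidate a still-valid token server-side, e.g. once it is known to be stolen."""
    claims = verify_token(token, now)
    if claims is not None:
        REVOKED.add(claims["jti"])
    return claims is not None
```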

-DR 