By Praveen Kannan and Anna Strokolyst
It’s not just that 50 million Facebook users have had their personal information stolen, including Mark Zuckerberg himself. It’s that we, as users, put our trust in Facebook to protect our private data, and yet again, we have been let down.
Last Friday, an attack on Facebook’s computer network exposed the personal information of around 50 million users. It is the largest breach in the company’s 14-year history, and it arrives at a time when the social media giant is still recovering from a scandal where Cambridge Analytica, a British analytics firm, gained access to 87 million users’ private information. Facebook’s sloppy handling of that data has been used to misguide populations during important political elections, and has even been linked to widespread killings via the spreading of misinformation from its messaging service, WhatsApp.
We’re still at the beginning of an investigation to learn more about this recent Facebook hack, but it likely affects hundreds of other apps, too. When you sign up for a new service and see an icon that allows you to swiftly “sign up via Facebook”, you’re not just given a faster signup process, you’re granting access for Facebook to capture what you’re doing on those apps. And the more Facebook learns about your likes and dislikes, the better it can serve you relevant ads—and therefore earn more revenue off advertisers.
In this case, the hackers stole “access tokens,” digital keys that provide access to an account. With such a token, an attacker can access an account as if they were the account holder themselves. This may also provide access to services where you signed in via Facebook, apps like Spotify, Instagram, and potentially hundreds of others.
The greed Facebook has shown in wanting to control your online identity in an effort to increase revenue is especially troubling when it can’t protect that data. While the last few months have shown that people are intensely concerned about the amount of data Facebook collects (and buys), when that data is exposed to cybercriminals looking to do harm, the dangers are that much more prominent—and customers should be enraged.
This data can be used for identity theft, for scams, for the spreading of misinformation, and more. It can cause millions of dollars in damages. Because of Facebook’s inability to stop this attack, you are now more vulnerable to becoming a victim—and it’s your hard-earned money that is on the line.
Facebook says the vulnerabilities have now been fixed, but ironically, one of the flaws discovered by the attackers was in a feature built to help users better control their privacy. As it turned out, issues in the code actually exposed those users.
So what do we, as Facebook users, do?
It’s not just a matter of expecting more, it’s a matter of demanding more. Corporations have a responsibility to protect their users’ rights—and online privacy is, indeed, a basic human right. It’s easy for a company that has 2.2 billion users to see dollar signs at the quantity of information it collects—and how valuable that data is. But customers WILL leave if they feel you are untrustworthy. And without customers, you don’t have data to sell. It’s in the best interests of major tech corporations to adequately protect their users, even if that means forgoing opportunities along the way to make a quick buck.
Facebook hasn’t yet learned this lesson, but rest assured, it will. Users are already leaving, its stock price is tanking (again), and it faces a potential $1.63 billion fine if it’s found to be in breach of Europe’s GDPR privacy legislation. The downward spiral continues, and it remains to be seen how deep this crater goes.
For consumers, you have a decision to make. Do you leave Facebook entirely (something that’s not easy for users where Facebook is ingrained in their lives)? Or, do you stick it out and hope the necessary lessons are learned, understanding that righting the course of a colossal ship takes time?
There is no right or wrong answer, but one thing is clear: You must take your online privacy seriously.
Here are some things you can do to protect yourself:
- Use Hotspot Shield whenever you’re connected to public WiFi—like at a coffee shop or airport. Hotspot Shield encrypts your internet traffic to keep you secure from hacking. It also prevents your Internet Service Provider and others from tracking your every online move.
- Make your social accounts private and be careful to never post personal information about you or your family.
- Do not use the “sign up via Facebook” feature on any external app or service. Take the time to fill out the forms yourself. This prevents Facebook from accessing your external data.
- Check your credit regularly to make sure that your private information has not been used to steal your identity. Identity theft can be financially devastating.
- Be wary of an increase in Facebook scams that may occur after this recent hacking.
- Change your Facebook password.
Perhaps Rohit Chopra, a commissioner of the Federal Trade Commission, put our collective feelings best in a recent statement: “Breaches don’t just violate our privacy. They create enormous risks for our economy and national security. The cost of inaction is growing, and we need answers.”