For the second time this year, 50 million Facebook users have been affected by a data breach. The first breach involved Cambridge Analytica earlier this year and the sale of user data. The most recent breach occurred at the end of September when hackers took advantage of a feature to access tokens and take over accounts. In light of national cybersecurity month, we'd like to share more about this hack and provide your business with cybersecurity recommendations.
About the Breach
Facebook allowed users to access the "view as" feature which changed profile views based on the selection. This feature granted hackers access to user access tokens, which are "needed any time the app calls an API to read, modify or write a specific person's Facebook data on their behalf", according to Facebook. With this data, hackers were able to take over accounts, including third-party accounts that used Facebook tokens for log in.
What Facebook is Doing
In order to protect user data, Facebook is working on fixing the vulnerability and has reported this breach to the proper authorities. As a precaution, Facebook has reset an additional 40 million user tokens beyond the 50 million affected accounts. During the investigation, Facebook is removing the "view as" feature until it is safe to re-release it.
What Your Business Can Do
Cyber risk comes in many forms so it's best to have cybersecurity protocols in place to mitigate the risk of an attack. Businesses should be cautious of employee internet activity while using the business network. In addition, staying cautious of malicious emails can prevent phishing attacks and other hacks. Caution employees to never click on links from unverified sources. In some cases, business data may be released to the dark web due to accidental employee mistakes. Take advantage of our free dark web security check here to see if you business data is at risk.
It's clear that a cyber breach can happen to any business, which is why cybersecurity is critical for all organizations. CPI can help your business through disaster recovery measures, 24/7 remote monitoring, strategic planning, and more. It is highly advised to work with technology specialists who are able to develop a cybersecurity plan that works for your business. Remember, every business is different and should not be serviced with a one-size-fits-all solution.