New Delhi: It was an entirely unsettling incident for social networking users, when a few days back Twitter’s CEO account was hacked, and when Facebook’s Data leak incident surfaced recently, it set off another bout of unquiet among users. But what is even more unnerving is the ‘couldn’t care less’ attitude of these tech giants which they often assume after every such episode.
Facebook, the social networking tech giant is again in the limelight since the surfacing of Facebook-Cambridge Analytica scandal in early 2018.
In the recent episode of a Facebook data breach, millions of phone number linked accounts of various users were found on an unsecured server. As this server was not protected with any password, it was available for anyone to access. Though this database has been taken offline but it exposed over 419 million records across the world including 133 million records on US-based Facebook users, 18 million records of users in the UK, and about 50 million records on users in Vietnam.
These records had the user’s unique Facebook Id and phone number attached to it. Anyone can easily identify the account’s username from this unique Id. Though from the last year Facebook users phone number were not made public, but the recent leak of phone numbers linked to accounts has put many at the risk of ‘spam calls and SIM-swapping attacks.
SIM-swapping technique-which also allegedly has been used to hack Twitter CEO account-involves tricking phone service provider to provide person’s phone number to an attacker. After acquiring phone number, the attacker can reset the password of the account associated with it from anywhere by using passcode available on this phone number. He can even steal data and other sensitive information too from the user’s phone.
These records were obtained using data scraping technique, which Facebook disabled last year aftermath Cambridge Analytica scandal, in which almost 80 millions’ Facebook profiles were harvested without their consent.
First report of Cambridge Analytica’s harvesting people’s profile came in 2015 involving a US senator. Later this data was used to identify floating voters and these were allegedly manipulated in US presidential poll 2016.
However, even after this serious security leak, Facebook’s callous response is entirely unnerving for everyone. Facebook has tried to brush aside this incident by saying that database exposed online has an old data set which includes information before the Facebook removed access to user’s phone number and thus may not have compromised the account users’ data.
Facebook spokesperson Jay Nancarrow said on the incident, “The data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers.” “The data set has been taken down and we have seen no evidence that Facebook accounts were compromised,” he added.
But the question arises that many phone number leaked may still be in use and would be attached to user’s Facebook account, as Facebook only last year has taken down the user’s phone number access feature. Another equally important question is who scraped this data and for what purpose.
Almost every social networking sites offer a two-factor-identification feature to make it more secure, but the string of this kind of security leaks may prompt users to forgo this feature entirely.
Social networking platforms offer users to share freely their ideas, pics, etc. to connect with other people, but such episodes only let down users, and may eventually dampen the sentiments around social networks.