In a week in which Facebook revealed yet another breach, this one from last month and affecting 30 million users to some degree or another, we want to help users and get the facts straight.

So what are the facts as we have them?


So for some people, the Facebook breach affected:

  • Name
  • eMail Address
  • Phone Number
  • Date of Birth
  • Recent locations you’ve checked or been tagged in

For the second group, the security breach affected:

  • Name
  • eMail Address
  • Phone Number
  • Date of Birth
  • Posts on your timeline

Some security experts are reporting that information about a user's marital status and home town was also stolen in the attack.

What is the impact on me, the user?

The short answer is nothing immediately, but don’t be fooled into a false sense of security.

Frame of an animation by the U.S. Federal Trade Commission intended to educate citizens about phishing tactics.

The information that has been stolen will be used in future phishing attacks against users; it becomes part of a growing database of personal data that the hackers have gathered.

The information that has been stolen would allow a hacker to impersonate an individual to a certain extent. Let's face it, the list is quite a common set of security questions for many organisations, including banks!

You should make yourself more aware of phishing attacks and, if at all possible, take extra precautions with your email filtering. Remember that phishing works by appearing to come from people and organisations that you like or are associated with.

Phishing has come a long way since the crude bank emails sent with poor grammar and plenty of spelling mistakes.
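The point above is that a phishing mail borrows a trusted name while the addresses and links underneath belong to someone else. The following is an added example, not code from the original post, of the kind of check an email filter can run before a message reaches a user: it compares the display name, the From and Reply-To domains and the link targets against a constructed allowlist of organisations the mailbox legitimately hears from (the brand names, domains and both sample messages are constructed for the example).

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allowlist: brand names users recognise, mapped to the domain that
# brand really sends from. A real filter would load this from configuration.
BRANDS = {"example bank": "example-bank.com", "facebook": "facebook.com"}
TRUSTED_DOMAINS = set(BRANDS.values())


def _domain(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalikes (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the trusted domain this one imitates, or None if it is trusted or unrelated.

    Two imitation patterns are checked: a single-character substitution of the whole
    domain, and a trusted domain embedded inside a stranger's (example-bank.com.login-check.net).
    """
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return None  # the genuine domain or one of its subdomains
    for trusted in TRUSTED_DOMAINS:
        if _edit_distance(domain, trusted) <= 1 or trusted in domain:
            return trusted
    return None


def phishing_indicators(msg: dict) -> list:
    """Return the list of reasons a message looks like phishing (empty list = no indicator).

    `msg` is a constructed dict of the headers and body we care about; a real filter
    would take a parsed email.message.Message instead.
    """
    reasons = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_dom = _domain(reply_addr)

    imitated = lookalike_of(from_dom)
    if imitated:
        reasons.append(f"sender domain {from_dom!r} imitates trusted {imitated!r}")

    # Display name borrows a trusted brand while the address is somewhere else.
    for brand, trusted in BRANDS.items():
        if brand in display.lower() and from_dom != trusted and not from_dom.endswith("." + trusted):
            reasons.append(f"display name {display!r} does not match sender domain {from_dom!r}")

    # Replies silently redirected to a different domain than the one that wrote.
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")

    # Links whose visible text names a trusted site but whose target is elsewhere.
    for href, text in re.findall(r'<a href="([^"]+)">([^<]+)</a>', msg.get("Body", "")):
        link_dom = (urlparse(href).hostname or "").lower()
        mismatch = any(
            t in text.lower() and t != link_dom and not link_dom.endswith("." + t)
            for t in TRUSTED_DOMAINS
        )
        if lookalike_of(link_dom) or mismatch:
            reasons.append(f"link text {text!r} points to {link_dom!r}")
    return reasons


# Constructed sample messages: one imitation, one genuine.
PHISH = {
    "From": '"Example Bank Security" <alerts@examp1e-bank.com>',
    "Reply-To": "verify@mailer-free.example.net",
    "Body": 'Confirm your details: <a href="https://login.examp1e-bank.com/confirm">example-bank.com</a>',
}
LEGIT = {
    "From": '"Example Bank" <alerts@mail.example-bank.com>',
    "Body": 'Your statement is ready: <a href="https://www.example-bank.com/statements">example-bank.com</a>',
}

if __name__ == "__main__":
    for label, m in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, phishing_indicators(m) or "no indicators")
```

The check is deliberately conservative: a genuine mail from a subdomain of a trusted domain raises nothing, while the constructed imitation trips four separate indicators, so a filter can quarantine on a count or weight rather than on any single heuristic.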

What can be done to protect us in the future?

This is my personal opinion, so if you feel the need to rant at me – go ahead!

First of all, don’t give Facebook information that you think may be linked to your identity and that Facebook doesn’t need to operate. (For Facebook, read any social media network).

Second, we should be encouraging financial services and other critical data organisations to change up their security.

In the video above, David Hald speaks about multi-factor security at an event I attended several years ago. Yet financial services have been slow to adopt good security.

Sending an SMS to your phone as part of your login sounds great, but I for one live in a remote area that doesn’t have great mobile coverage; as a result, any bank that uses that sort of security is a fail for me.

What about the card readers that banks often use (or used to use)? It is well known in the security world that the original algorithm for the security key generation was stolen many years ago, and there has been more bad news since 2009, when Cambridge security boffins found several flaws.

I’m a fan of things like Google's Authenticator application for added security on website logins and the like; it foils bots every time, but it is not infallible.

U2F is a good solution, read more about it here. But as with anything, given enough time, hackers will find ways to overcome the security we place in their way. It’s just a matter of time.

It’s time for a change: a combination of U2F, something like Google Authenticator, and some very random question-and-answer sessions would be great in my book. When I say random questions, obviously these need to be provided first, but things like the colour of your front door, the extension of your phone at work, the make of your washing machine or cooker, etc.

What we should be avoiding are questions about your date of birth, your town of birth, your first school, etc. Too many of these things are on social media.

Check your email address

If you would like to check and see if your email address has been captured in a security breach then you can check it out here:
