So, what’s happened?
We’ve had the Cambridge Analytica scandal, last September’s security hack that affected 50 million accounts, and countless more. This month Facebook has gone and done it again. Yet another security breach, this time affecting up to 600 million user passwords.
This latest breach (stretching back to 2012) was published by KrebsOnSecurity, who learned from a senior Facebook insider that Facebook had been storing passwords in plaintext, accessible to around 20,000 Facebook employees.
It has been confirmed that some 2,000 employees conducted around 9 million searches for these passwords since 2012.
Who has been affected?
Facebook have acknowledged the breach, describing the find as “part of a routine security review”, rather than a scramble to get ahead of a whistleblower. They went on to add that the data was only accessible internally at Facebook and that they have found no evidence of it being abused.
But for Facebook’s 2.32 billion active users this should still be very worrying. With a tech giant of Facebook’s size, everyday users should not have to worry about sub-standard security practices and a disregard for their data.
Despite employing an army of staff to protect its own company data, Facebook hasn’t shown the same regard for its users’ privacy and data, and continues to appear to shrug off cyber attacks and weak security practice.
The majority of those affected are users of Facebook Lite, a version designed for low-connectivity conditions, but Facebook has released a statement saying that it will also notify affected users on the standard Facebook and Instagram platforms.
What should you do?
- Change your passwords for Facebook and other accounts which share your Facebook password
Facebook has said it will make all affected users aware, but we recommend that all users change their passwords regardless.
If you reuse your Facebook password for other accounts, you should change those too. Though there is no evidence of abuse as of now, if your password was revealed in plain text, it is now compromised for every account that shares it, no matter how strong or complex it is.
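As an added example (not code from the article, and not Facebook’s code), the following Python contrasts a store that keeps passwords in plaintext, as described above, with one that keeps only a salted PBKDF2 hash; `insider_view` shows what anyone with read access to the stored record sees in each case. The user name, password and iteration count are constructed values.

```python
import hashlib
import hmac
import os

# Two toy credential stores. The plaintext one mirrors the failure the
# article describes; the hashed one is the baseline a website should use.


def store_plaintext(db: dict, user: str, password: str) -> None:
    """Never do this: the secret itself is written to the store."""
    db[user] = password


def store_hashed(db: dict, user: str, password: str, iterations: int = 200_000) -> None:
    """Store a per-user random salt and a slow PBKDF2-HMAC-SHA256 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    db[user] = {"salt": salt, "iterations": iterations, "hash": digest}


def verify_hashed(db: dict, user: str, password: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    rec = db.get(user)
    if rec is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], rec["iterations"])
    return hmac.compare_digest(digest, rec["hash"])


def insider_view(db: dict, user: str) -> str:
    """What an employee who can search the store (or any attacker who copies it) sees."""
    rec = db[user]
    if isinstance(rec, str):          # plaintext store: the password itself
        return rec
    return rec["hash"].hex()          # hashed store: a digest, not the password


def demo() -> dict:
    password = "Summer2012!"          # constructed sample credential
    plain, hashed = {}, {}
    store_plaintext(plain, "alice", password)
    store_hashed(hashed, "alice", password)
    return {
        "plaintext_exposed": insider_view(plain, "alice") == password,
        "hash_exposed": insider_view(hashed, "alice") == password,
        "login_ok": verify_hashed(hashed, "alice", password),
        "login_wrong": verify_hashed(hashed, "alice", "Summer2013!"),
    }


if __name__ == "__main__":
    print(demo())
```

Even with the hashed store, a reused password is still only as safe as the weakest site that holds it, which is why the advice above is to change it everywhere it was shared.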
- Use strong unique passwords for each website
It’s easier than you think to create a strong password. If you’re currently using a password with a common word followed by a number, like your year of birth, then listen up because this is for you!
It’s important to use a mixture of upper and lower case letters, numbers and symbols.
You want to make sure your password is at least 8 characters.
Does this sound seriously complex just for a simple password? Definitely! But that’s just the point. If it’s hard to remember and decipher, it’s harder for hackers to crack.
If protecting your personal details matters to you, then you really should ensure you have strong, separate passwords for all your accounts. That way, if one account did get hacked, you’ve not left yourself vulnerable on other websites.
But how will you remember them all? Read on to hear more about password managers, a great way to keep your passwords secure.
- Use a digital password vault to safely secure passwords for you
If you struggle to create a system for creating and remembering your passwords, we recommend a password management app. There are a few password tools available. Two popular ones that we use are LastPass and Dashlane.
Password managers are also incredibly handy for filling in all your new secure passwords for you, meaning you don’t even have to remember your account passwords!
Both LastPass and Dashlane come with a standard edition that’s free to use. For an even better solution, upgrade to Dashlane Premium for a couple of £s per user per month.
With premium options you’ll get unlimited password security for unlimited devices. You’ll also get Dashlane’s Dark Web Monitoring (see below) and their VPN included in the price (a standalone VPN service can cost just as much on its own, so this is a good deal).
So, if you’re a Dashlane user, turn on Dark Web Monitoring. Go to your Identity Dashboard and turn on Dark Web Monitoring for the email address you used to sign up for Facebook. This way, if information related to this email is found for sale on the dark web, you’ll be notified immediately.
LastPass has a variety of premium options, the main addition being 1GB of encrypted file storage, where you can keep critical documents accessible from your computer but not stored on its hard drive.
- Keep your account details safe
Within your company it might sometimes be necessary to share account details with members of your team. Wherever possible, aim to give each user their own account login.
If you do have to share logins, it goes without saying that you should only give passwords to trusted members of your team. Make sure you understand who has your company data, ensure it’s held securely, and regularly change the password on the account.
You should also ensure all members of your team only log in to, and create accounts on, websites with HTTPS in place.
And so, back to Facebook – what consequences will they face?
Sadly, probably not a lot.
GDPR is an EU regulation that dictates the processing of personal data. GDPR represents the rights of an individual to know, access and control what data a company has on them.
In April 2018, Facebook agreed to implement GDPR throughout its platforms regardless of a user’s region. Upon the legislation being brought in, both UK officials (the ICO sought £500,000 for failing to safeguard people’s information) and US officials (the US Attorney General claimed Facebook knew months prior to coming forward) have brought charges against Facebook. But these charges for breaching GDPR barely scratch the surface of the $100 billion wiped from Facebook’s stock value following the scandal.
Despite this, with these latest revelations it looks like Facebook is still viewing GDPR as guidelines rather than enforceable law.
It seems only right that all businesses should have a responsibility to take reasonable steps to protect their customers’ data.