Published: May 13, 2021, in our Security Fraud News & Alerts Newsletter.
There’s a long history of data breaches that Facebook has yet to shake, and keeping up with the latest isn’t easy because they keep happening. Facebook has expanded its user base over time, and this most recent breach affected 533 million users in 106 different countries, roughly 20% of its users worldwide, with 32 million victims in the U.S. So far, Facebook has chosen not to alert its users to this breach or really admit it happened. So, if you’re a Facebook fan, keep reading and share this alert with friends and family – they’ll thank you for it.
Watch What They Do, Not What They Say
The $900 billion company has a beleaguered history of failing to protect customer data, with massive breaches that seem to grow larger and more frequent every time. When asked about this latest incident, a Facebook spokesperson commented, “This is old data that was previously reported on in 2019,” adding, “We fixed this issue in August 2019.” If the spokesperson’s comments were intended to make those affected feel better about their PII (personally identifiable information) being on the dark web for free, they failed.
According to security experts, this Facebook security event may be the worst of all. This time, the compromised PII included physical and email addresses, usernames, cellphone numbers, gender, relationship status, and more, and it was made public on underground sites. Although overtly harmful PII like Social Security numbers was not divulged in the breach, bad actors can do plenty of damage with the PII they now have. Cybercriminals run countless email phishing campaigns using this kind of user information, and many are highly effective spear phishing attacks. Still others cobble together bits and pieces of PII from different breaches to build identity profiles used for further attacks like identity theft and financial fraud.
Facebook vs. LinkedIn: Clearing the Confusion
Cybersecurity expert Jim Stickley, CEO of Stickley on Security, commented on the confusion between this Facebook data breach and a recent incident involving LinkedIn. There’s a significant difference between the two, and Jim points that out by clarifying, “While there is a site right now selling a ‘LinkedIn database’ containing 500 million records, this is not due to a LinkedIn breach but instead is just a pull of publicly available data from LinkedIn pages… Many people seem to be mixing this up with the Facebook breach, which was tied to data being obtained through a security failure on Facebook’s part. Though Facebook is quick to point out that it is not technically a breach either.”
To Post, Or Not To Post?
The short answer to this recurring question is to not post. The less you put on world-reaching public forums that can be used against you, the better. Also, periodically check your Facebook security settings to ensure they are the strongest possible. It’s especially important to keep your profile private to protect you, as well as your friends.
When Apologies Have No Meaning
Regardless of how Facebook labels this latest security failure, its ineffective approach to protecting customer PII is obvious by now. Absent any data security regulations in the U.S., we can expect Facebook to continue going from one data breach to the next with little to no consequences. After all, it’s the users of this social media platform who are paying the price with their PII. It’s no surprise that the now-tiresome public apologies by Facebook CEO Mark Zuckerberg and his promises to do better next time ring hollow.