Another Facebook Hack – So What?

According to the information security and technology news publication BleepingComputer, personal data belonging to Facebook Marketplace users has been stolen and published online… again!!

Data leaks are happening so often that they are no longer big news, and it seems like it’s becoming acceptable for companies like Facebook to lose this amount of data.

So, what happened? A cybercriminal allegedly hacked the systems of a Meta contractor and was able to steal a partial database which consisted of around 200,000 records.

The fact that the hacker was able to gain access through a third party, i.e. the Meta contractor, likely means that Meta don’t have sufficient third-party security in place. Third parties are a major and common vulnerability. If contractors are using their own laptops, companies don’t have adequate control over what they do with company data, such as downloading code. When a contract ends, the contractor’s access may not be taken away, or data and code may not be securely deleted.

Individuals seem to be blasé about their personal data being involved in a major data breach, being stolen, or compromised, along the lines of “it’s only my email address,” “it’s only my phone number,” so it’s “not a big deal.” But what they fail to consider is that their email address could be used in a phishing attack, or their mobile phone number used in a phone hack.

Phishing emails try to get users to open a malicious file or click on links in order to steal their credentials.

Phone hacking involves any method where someone forces access into your phone. This can range from advanced security breaches to simply listening in on unsecured internet connections. Phone hacking can compromise your identity and privacy.

This is not the first time that Facebook users’ data has been stolen and it certainly won’t be the last time.

How can companies prevent this from happening in the first place?

Here are some of the steps that can be taken to secure your customers’ data.

  1. Protect company devices with approved antivirus software and firewalls.

  2. Document a BYOD (Bring Your Own Device) policy.

  3. Protect yourself with robust third-party supplier (contractor) agreements.

  4. Provide cyber security awareness training for ALL staff and contractors.

  5. Encourage employees to use strong passwords and consider using a Password Manager. Have a read of our blog Strong and Secure Password Guidance and Tips.

  6. Implement two-factor or multi-factor authentication.

  7. Document and communicate an incident response process.

If you would like us to help you with consultancy or training, please get in touch with us today and we can tailor a solution to fit your unique needs.
