Millions of people around the globe use social media such as Facebook every day. What happens to the trust of those users whose private information and/or credentials have been compromised? Failing to protect users' data leaves it vulnerable during cyber attacks. Whether it be Facebook, another social media platform, or any organization that holds private user information and credentials, that information could be yours.
On March 21, 2019, it was reported that 600 million passwords of Facebook users were not protected and were accessible to 20,000 Facebook employees. These passwords were also stored in plain text, which means they were plainly visible and unencrypted. Facebook reported that there were no signs of misuse and that the exposure was due to security failures. According to Facebook, the issue was discovered in January 2019.
The target here isn’t Facebook. It could happen to any other social media platform or organization. What matters is that organizations need to:
- Review security of private user data
- Notify users of their exposed credentials in a timely manner
- Prevent similar occurrences in the future (since this has occurred a few times in the past for Facebook)
Recall my third blog entry, about Credential Re-use. If poor security continues and users' credentials and private data are not secured, this is a vulnerability. If a cyber attack were to occur and this information were compromised, the plain text passwords could be re-used across the other sites where users rely on the exact same credentials. Let’s face it, many people only use one password.
It is important for organizations that store private information to remember that they must enforce strict security measures and review the applications they develop to log user information. Such occurrences will surely hinder the trust of customers. Would you continue to trust and support an organization that has you sign a privacy agreement, but does not actually keep your data private?
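
One thing such a review of logging applications can put in place, shown here as an added example that is not part of the original post or any organization's own code: a Python `logging` filter that scrubs password-like fields before a record is ever written. The field names, the logger name `signup-demo` and the sample events are assumptions constructed for illustration.

```python
import io
import logging
import re

# Field names treated as credential-bearing (an assumption for this example).
SENSITIVE_KEYS = ("password", "passwd", "pwd", "secret", "token")

# Matches key=value, key: value and "key": "value" forms for the names above.
_PATTERN = re.compile(
    r'(?i)(["\']?\b(?:%s)\b["\']?\s*[=:]\s*)("[^"]*"|\'[^\']*\'|[^\s,&;}]+)'
    % "|".join(SENSITIVE_KEYS)
)


def redact(text):
    """Replace the value of any credential-bearing field with a marker."""
    return _PATTERN.sub(lambda m: m.group(1) + "[REDACTED]", text)


class RedactCredentials(logging.Filter):
    """Scrub credentials from each record before the handler writes it."""

    def filter(self, record):
        # Render msg % args first so values passed as arguments are covered too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True


def build_logger(stream):
    """Logger whose handler redacts credentials before writing to `stream`."""
    logger = logging.getLogger("signup-demo")  # hypothetical application name
    logger.handlers.clear()
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactCredentials())
    logger.addHandler(handler)
    return logger


if __name__ == "__main__":
    out = io.StringIO()
    log = build_logger(out)
    # Constructed sample events, not taken from any real system.
    log.info("login attempt user=alice password=%s", "hunter2")
    log.info('signup body: {"email": "a@example.com", "password": "S3cret!"}')
    print(out.getvalue(), end="")
```

A filter like this is a backstop for log output only; the passwords an application stores for authentication should be kept as salted hashes rather than plain text.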
