Facebook’s security protocols are once again under fire following a new security breach that affected over 50 million users.
On Friday, September 28th, the social media giant announced that hackers had exploited a website feature that allowed the bad actors to log in and access users’ data. The attackers exploited code associated with the “view as” function, allowing them to steal users’ “access tokens” – the feature which allows users to forgo the password process on each new session.
The vulnerability apparently came from a 2017 change centered around the feature which allows users to upload “Happy Birthday” videos. Due to a bug in the platform’s code, users were occasionally prompted to upload the birthday videos when “viewing” a profile as another user. And due to yet another bug in the video tool, hackers were able to acquire the “access tokens” of those users.
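The token mix-up described above, sketched as a toy Python model with the flawed rendering path beside a hardened one (an added example, not Facebook's code). It assumes the uploader's token was minted for the profile being previewed rather than for the logged-in viewer, a detail the article does not spell out; all names (`RenderContext`, `render_uploader_vulnerable`, `render_uploader_hardened`, `token_mismatch`) are hypothetical.

```python
# Toy model of a "view as" preview; constructed for illustration only.
import secrets
from dataclasses import dataclass
from typing import Optional

TOKENS = {}  # token -> account the token authenticates as


@dataclass(frozen=True)
class RenderContext:
    session_user: str               # account that actually logged in
    view_as: Optional[str] = None   # account whose perspective is simulated

    @property
    def effective_user(self) -> str:
        return self.view_as or self.session_user


def _mint(owner: str) -> str:
    token = secrets.token_urlsafe(16)
    TOKENS[token] = owner
    return token


def render_uploader_vulnerable(ctx: RenderContext) -> dict:
    # Assumed bug: the widget renders in preview mode and binds its token
    # to the simulated identity instead of the authenticated session.
    return {"widget": "video_uploader", "token": _mint(ctx.effective_user)}


def render_uploader_hardened(ctx: RenderContext) -> dict:
    # Previews are read-only: no credential-bearing widget is rendered,
    # and outside previews a token is only ever bound to the session user.
    if ctx.view_as is not None:
        return {"widget": None, "token": None}
    return {"widget": "video_uploader", "token": _mint(ctx.session_user)}


def token_mismatch(ctx: RenderContext, response: dict) -> bool:
    # Response-side check: flag any token that authenticates as someone
    # other than the account that owns the session.
    token = response.get("token")
    return token is not None and TOKENS[token] != ctx.session_user
```

A check like `token_mismatch` is useful as a regression test or response filter because it catches the class of bug regardless of which widget introduces it.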
In the announcement, Facebook noted the company had discovered the vulnerability earlier in the week and stressed that the FBI and the Irish Data Protection Commission had already been notified. And though the company has not yet identified how much data was stolen or who was behind the hack, it has rolled out a fix and temporarily disabled the feature from which the vulnerability stemmed.
CEO Mark Zuckerberg explained, “This is a really serious security issue,” adding “This underscores there are just constant attacks from people who are trying to take over accounts and steal information from our community. This is going to be an ongoing effort.”
Did Facebook Censor Articles About The Hack?
If the hack wasn’t bad enough, it was reported that pieces covering the incident from the Associated Press and The Guardian were apparently being censored by Facebook.
Though it’s important to note that not all users were experiencing the same problem, and not all stories were being blocked, it did spark a wave of cover-up theories within the Twittersphere.
Though many speculate that the issue stemmed from anti-spam measures, it is surprising that highly regarded news platforms such as AP or The Guardian would be marked as spam. And it raises concerns about how the spam filter functions.
Facebook quickly acknowledged the issue, stating: “We fixed the issue as soon as we were made aware of it, and people should be able to share both articles.”
The anti-spam filters were put in place to prevent bots or bad actors from spreading ‘fake news’ from shady organizations, but this incident highlights a need to revisit the protocols in place.
Are Users Becoming Desensitized?
In 2018, data breaches have become a way of life. In August alone, over 215 million records were compromised, according to IT Governance, and that’s just one month.
It’s become easy to say “Oh, I’m probably ok” or “whatever, my data is probably already out there.” But it speaks to a greater problem occurring on the web.
Giant companies are being entrusted with incredibly valuable data and, if they are not exploiting it themselves, they are often falling short in protecting it. At the same time, tech-inept governments are struggling to even comprehend the problem and users are becoming more apathetic by the day.
It’s been said that data is “the new oil,” but if that’s the case, why aren’t we acting like it? The trillion-dollar data business is still largely unregulated. Data cartels are free from real consequences, and it’s likely that even this latest Facebook breach will be swept under the rug yet again.
The rise of cryptocurrency and blockchain technology has led to a sort of revolution in cybersecurity. Developers and decentralization enthusiasts are now working together to create alternatives to current financial, retail and social media platforms.
Steemit, arguably the most popular ‘decentralized’ social network, boasts over 1 million users. And recently, Dan Larimer hinted at a possible Steem 2.0.
In a cryptic Telegram conversation, Larimer announced the platform but kept the details under lock and key. Some even speculated the project would include a “proof of identity” which could pave the way for another one of Larimer’s favorite topics, a crypto-“universal resource inheritance,” his version of a universal basic income.
In addition to Steemit, Mastodon is another decentralized social media platform beginning to gain some traction. With over 242,000 users, the ad-free Twitter-clone is growing faster every day. And their goal is simple: “Learning from failures of other networks, Mastodon aims to make ethical design choices to combat the misuse of social media.”
The new wave of decentralized applications promises users more control over their data and greater security, but adoption is still lagging. While platforms such as Steemit or Mastodon have received a lot of attention, it’s not likely that Facebook is heading towards extinction anytime soon.
In fact, Facebook may be preparing to implement its own blockchain solutions. Zuckerberg himself has previously mentioned the need for decentralization, stating, “A lot of us got into technology because we believe it can be a decentralizing force that puts more power in people’s hands.”
Facebook’s blockchain plans haven’t been revealed just yet, but with the way things are going, a little bit of urgency might do the media giant some good.