Facebook Exposes Personal Data
Facebook recently released a statement detailing how over 6 million of its 1.1 billion users had their personal information unduly exposed. The cause? A minor error in the software of one of its largest archives. This error inadvertently allowed unauthorized users to view confidential contact data (such as email addresses and phone numbers) without any need for a password.
This could have been avoided. Facebook found evidence of the leakage dating back to 2012, but it was not publicly noticed and brought to their attention until June 18, 2013. Had Facebook been conducting thorough and consistent security audits, they could have lessened the exposure and avoided some very bad press.
Unfortunately, this is not the first time Facebook has been in the news for its poor handling of data. In July 2012, there was a similar breach where a private security consultant used a piece of code to gather information on over 100 million profiles. This was not seen as a hot topic issue because the information gathered was not secured by the user, and therefore in the public domain. But, it does brings up some interesting points which many users seem to forget when they surf or post to social media.
For any social media sites, you should follow these rules:
Rule #1: Do not post private information on the internet, regardless of security or visibility options. If you are not comfortable with sharing your location with 1.1 billion users, it is strongly recommended you avoid posting that information. Be wary of who might use your profile against you.
Rule #2: Try to keep separate social media profiles for work and personal. LinkedIn and Facebook are perfect examples. LinkedIn, while useful for businesses, is not geared towards someone looking to keep in touch with friends and family. Facebook, is useful for both business and personal. But, keep in mind it is first and foremost a personal website.
Rule #3: Check your privacy settings. Facebook in recent years has really stepped up their game on how best to protect personal user data. One can now determine which posts and pictures can be seen by whom. You may decide you want your friends to see your new car, but do not necessarily want your jealous ex to know. This is done by simply changing the visibility setting on each post. It can also be done globally if you prefer.
Rule #4: The internet does not forget. Remember the ‘accidental’ drunken photo you posted online and thought you deleted? Odds are: somewhere out there remains a copy someone snagged before it was taken offline. This and other posts you might have created, could be used against you in a malicious manner. Think before posting. In other words: ‘Never post anything you don’t want printed on the front page of the paper.’
An amusing case to end on. A Wisconsin man claimed he could not pay child support. Yet he posted several pictures on his Facebook page showing him with several hundred dollars in cash. Needless to say, he is likely re-examining how best to protect his data as the judge at his hearing was not amused. He probably takes the phrase “think before you post” a little more seriously now.
For over 30 years, Scott Greene has been helping companies meet the challenges of the swiftly evolving computer technology industry.
Directly from high school, Scott went to work for IBM. Scott studied Systems Engineering at the University of Arizona. He has since earned certifications in many products and programming languages.
The Evidence Solutions team analyzes data from Computers, Cell Phones, Black Boxes, Dispatch Systems, Medical Records, Email systems and more. Scott then explains the digital evidence in plain English.
Scott’s extensive knowledge draws clients to him from all over the United States as well as Internationally for consulting, Forensics and expert witness services. His extensive and diverse experience allows him to be an expert in many facets of digital and electronic evidence. Scott, a sought after speaker and educator, travels throughout the country sharing his knowledge and presenting to local, regional, national and International organizations.
Copyright Evidence Solutions, Inc.
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.For specific technical or legal advice on the information provided and related topics, please contact the author.