Facebook hack and how it affects You

The Original DDT
Hybrid Security Superheroes
Oct 8, 2018

When Facebook announced in September that 50 million user accounts had been exposed to unauthorized parties, it led to a lot of confusion over how much data was actually compromised. This was by far the biggest reported data breach in the history of the social media giant. It also took Facebook another 11 days to bring the situation under control.

Weeks after the public was notified of the attack, much is still unknown about how long the hackers had access to users’ data. Facebook still does not know what information was taken. Are we likely to see another Ashley Madison situation, in which hackers could post millions of private messages online for the whole world to read? Is there an underlying ransomware or blackmail demand in the offing for high-power individuals and corporations caught in the dragnet?

According to Facebook engineers, a security bug in the website’s “View As” feature set off a series of bugs that ended up generating an access token that allowed users to log into the website via a third-party app. This means that the intruders could in theory control any affected user account in the same way as the account owner. Even though Facebook released another statement saying there is no evidence that any other apps were accessed using the login tokens, many questions are still unanswered.

This is yet another reminder that individuals and companies still have a lot of work to do in ensuring that their private information and customer data are kept secure in a cloud environment. The loss of privacy could lead to serious reputational and financial damage to a company, and that could take years to recover from. How protected is your company’s infrastructure against intrusions when you delegate your web apps’ authentication to social networks? As we see yet another technology leader report damaging security breaches, it raises the question: how do you absolutely keep your personal and corporate information safe from hackers?

One solution is the use of an authentication method that is impervious to external attacks by design. This would be a security solution that in effect creates a data flow that cuts away network vulnerability points like access tokens, network ports and replicas of the identity database, in such a way that access is restricted only to the legitimate owner and network administrator. This way, you as the user never even need to trust Facebook or any other service provider with your security and access authentication. The user can then maintain total control over login attempts, ensuring that at no point can an unauthorized third-party attempt be successful.

Without any port forwarded through the firewall that can serve as a vulnerability point, it won’t matter how large the corporate domain and private network are. This will allow for proper scaling without worrying about creating more vulnerability points in the cloud network.

It is usually difficult to say that a security solution is “unhackable”, but by ensuring that all common vulnerability points are removed, and that you never have to open your ports for any reason or leave your access capacity in the hands of the vendors, it is possible to keep your business running smoothly without the fear of hacks or security breaches.

In conclusion, Facebook’s recent struggles are another timely reminder that even with all the advancements in cyber-security, hackers are also getting more sophisticated in the ways they probe networks and online infrastructure for vulnerability points, further emphasizing the need for more robust security solutions.

The Original DDT
Hybrid Security Superheroes

CTO of Xiid Corporation, ethical hacker, hardcore software designer and developer, serial entrepreneur.