The Real Problem With Facebook Privacy Issues

We can easily read the latest news on the CNN website about Facebook’s transgression of not protecting the privacy of 50 million users; in 2015 this ‘hack’ supposedly happened, and Facebook ‘let’ it happen.

I guess the media and the rest of the world were not paying attention to this 2009 Dark Reading story: “Private Facebook Info exposed By Simple Hack”

Apparently a blog called FBHive was able to view supposedly private information.

How about this:

In 2008 a Sophos video showed how to view everyone’s birthdate on Facebook, even when the setting claims to be “secure”.

So all one needs to do is ‘hack’ Facebook. What do I mean by that? All one has to do is play around with Facebook’s URL parameters.

For example, https://www.facebook.com/<FirstInitialLastname> looks up a main account, but beyond that you need a username and password.

If you use https://www.facebook.com/photo.php?fbid= followed by a set of numbers, you can modify those numbers to look at other people’s information. What all these hackers found out is that Facebook has some settings that are public no matter what the Facebook privacy settings are. (We are not going to ‘hack’ Facebook in this post.)

So, what to do? The only thing one can do is to have a sufficiently staffed red team run many tests from outside Facebook. It is obvious that Facebook does not have the capability to review its own security flaws.

So if one is a programmer, one can write quick programs to cycle through all the numbers and store the results in a database, thereby building one’s own copy of the entire Facebook user base.
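The two problems described above (an object that is returned on the strength of its numeric id alone, and a program walking through the id space) have a standard defensive answer: the server decides access from its own policy, not from the identifier, and the access log is watched for clients that sweep consecutive ids. The Python below is an added illustration, not code from the original post or from Facebook. The photo store, friend list, visibility names, client addresses and log lines are all constructed for the example, and the detector thresholds are arbitrary starting points.

```python
"""Constructed example: id-based lookup without and with an authorization check,
plus a small detector for sequential-id enumeration in an access log."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Photo:
    fbid: int
    owner: str
    visibility: str  # hypothetical values: "public", "friends", "only_me"


# Hypothetical data store and friend graph, constructed for the example.
PHOTOS = {
    1001: Photo(1001, "alice", "public"),
    1002: Photo(1002, "alice", "friends"),
    1003: Photo(1003, "bob", "only_me"),
    1004: Photo(1004, "carol", "friends"),
}
FRIENDS = {"alice": {"bob"}, "bob": {"alice"}, "carol": set()}


def unsafe_get_photo(viewer, fbid):
    """The anti-pattern behind photo.php?fbid=: whoever knows (or guesses) the id gets the object."""
    return PHOTOS.get(fbid)


def can_view(viewer, photo):
    """Server-side policy: the owner always may; friends may if shared; public needs no login."""
    if photo.visibility == "public":
        return True
    if viewer is None:
        return False
    if viewer == photo.owner:
        return True
    if photo.visibility == "friends":
        return viewer in FRIENDS.get(photo.owner, set())
    return False  # "only_me" for anyone but the owner


def safe_get_photo(viewer, fbid):
    """Hardened form: the id selects the object, the policy decides whether the viewer sees it."""
    photo = PHOTOS.get(fbid)
    if photo is None or not can_view(viewer, photo):
        return None  # same answer for missing and forbidden, so guessing ids reveals nothing
    return photo


# Constructed access-log lines: client, request, HTTP status.
ACCESS_LOG = """\
203.0.113.7 GET /photo.php?fbid=1001 200
203.0.113.7 GET /photo.php?fbid=1002 403
203.0.113.7 GET /photo.php?fbid=1003 403
203.0.113.7 GET /photo.php?fbid=1004 403
203.0.113.7 GET /photo.php?fbid=1005 404
198.51.100.4 GET /photo.php?fbid=1001 200
198.51.100.4 GET /photo.php?fbid=1004 200
"""
LOG_RE = re.compile(r"^(\S+) GET /photo\.php\?fbid=(\d+) (\d{3})$")


def parse_log(text):
    """Group (fbid, status) pairs by client address; lines that do not match are ignored."""
    by_client = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            by_client[m.group(1)].append((int(m.group(2)), int(m.group(3))))
    return by_client


def enumeration_suspects(text, min_requests=4, max_gap=1, min_denied_ratio=0.5):
    """Flag clients whose requested ids form a near-contiguous run that is mostly denied.

    A legitimate user follows links to scattered ids and is rarely refused; a sweep
    produces consecutive ids and a high share of 403/404 responses.
    """
    suspects = []
    for client, reqs in parse_log(text).items():
        if len(reqs) < min_requests:
            continue
        ids = sorted(fbid for fbid, _ in reqs)
        gaps = [b - a for a, b in zip(ids, ids[1:])]
        contiguous = all(0 < g <= max_gap for g in gaps)
        denied = sum(1 for _, status in reqs if status in (403, 404))
        if contiguous and denied / len(reqs) >= min_denied_ratio:
            suspects.append(client)
    return suspects


if __name__ == "__main__":
    print("unsafe lookup by a stranger:", unsafe_get_photo("mallory", 1003))
    print("safe lookup by a stranger:  ", safe_get_photo("mallory", 1003))
    print("enumeration suspects:", enumeration_suspects(ACCESS_LOG))
```

The detector is deliberately simple; in production the same idea is applied per session or per API token rather than per address, and the thresholds are tuned against normal traffic before anything is blocked.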

There are more problems: one programmer was able to delete other users’ photo albums. The specific details are at zerohacks.com: “Deleting any photo albums – How I hacked Your Facebook Photos”

Needless to say, the enterprising programmer was able to delete another user’s photo album and received $12.5k from Facebook’s bug bounty program. (He disclosed it to Facebook first, not to criminal hackers.)

A serious cybersecurity audit must be performed by known attackers: call them ethical hackers or Certified Information Systems Auditors (CISA). The price of this audit is cheap compared to the damage being done to Facebook today (many billions of dollars in stock price and reputation). Estimates are that Facebook has over 2 billion monthly active users (Zephoria Digital Marketing).

Even as some younger users disconnect due to shifting moods, there are still quite a few users on Facebook. I suspect this is only the beginning of the blowback to Facebook’s reputation, as this latest election-related snafu has put a big spotlight on the company.

The point of this post is to be careful what you post: once you post it, it is public no matter the safeguards. Hackers are always out there probing for weaknesses, and it is better to find them yourself than to have criminals tell you after a defining cybersecurity event at your company. TonyZ says: “Do not post anything that you would be embarrassed for the world to know!”

Contact Us to discuss your Cybersecurity audit program.