Social media juggernaut Facebook made the headlines yet again, this time as the victim of a massive data breach that affected as many as 50 million user accounts. But one cyber expert warns stolen logins should not be the only thing users are worried about.
According to the company, hackers have managed to exploit a vulnerability in Facebook’s code to access the “View As” tool – an option that allows users to view how their profile looks to other people. From there, hackers stole access tokens, which normally allow users to stay logged into their accounts. These stolen tokens can then be used to hijack profiles.
“This is just another day for Facebook, unfortunately. With how much press they’ve been getting – and not for good reasons – it comes down to how they’re creating code,” Burns & Wilcox corporate vice-president and director of professional liability David Derigiotis told WWJ Newsradio 950.
Derigiotis explained that there is no need for users to reset their passwords, since the data breach did not involve passwords, but did suggest that users should start carefully considering what sort of data they post online for the public to see.
“But I think now is a good time to reflect on what information – what data trail are we leaving on Facebook,” he remarked. “Take a look at prior posts that you have. Is there really a need to have years and years’ worth of information that we’re giving away?”
Constantly sharing details of your personal life on social media could invite disaster – regardless of whether your account has been accessed by an outsider or you are posting publicly for everyone to see, Derigiotis cautioned.
“We allow people to collect a profile of information on us. And they can use that to carry out attacks,” he remarked. “You have no need to leave pictures online for extended periods of time.”
Derigiotis suggested that users do not have to stop sharing photos with family and friends, but recommended that such data should be removed online after weeks or months.
He also had several thoughts about people who post on social media about their trips or immediate locations.
“Leaving a trail of our whereabouts, what our normal routines look like – you’re giving somebody a glimpse into your life every single day,” he said.
Derigiotis cautioned that the industry still does not know if the Facebook breach also affects services that require users to login with their Facebook details.
“We don’t know if [hackers] can view other third-party apps that we use Facebook to log into,” he warned.
“So think of all of the other places that you log in with your Facebook to access third-party apps. Maybe it’s your Messenger. And you have a long history of very important or confidential texts and chats that you’re having with people.”
“It might be a good idea now to go in and reset the login for those particular third-party apps,” Derigiotis proposed.