Earlier this year, it emerged that the personal information of over 533 million Facebook users from 106 countries had been leaked online. In January, Alon Gal, CTO of cyber intelligence firm Hudson Rock, first reported that a Telegram bot was being used to cell phone numbers for free. The bot was using a vulnerability in a Facebook feature that allowed phone numbers linked to every account to be accessed for free.
Data Breach History
The Cambridge Analytica Scandal in 2018 revealed that a political consulting and strategic communications firm had collected personal information of around 87 million people through a personality quiz app that many had accessed through Facebook. In 2019, Forbes reported a
What leaked and how?
According to sources, the leaked data was purely personal and no financial information was lost. It was obtained through scraping: the information was extracted by exploiting a vulnerability in Facebook’s contact importer feature. Mike Clark stated in his blog that the data was not stolen by hacking into Facebook's systems but by scraping its platform. The blog described scraping as the most common tactic, one that often relies on automated software to lift public information from the internet. While scraping itself may not always be illegal, the manner in which the information was obtained in this case and later made available online was a violation of Facebook’s terms of service.
TPT Policy Advocacy and Recommendations
- Facebook should chart out its data lineage and set up protection as per the vulnerability. A robust policy for handling all types of data should also be drawn up, differentiating sensitive from non-sensitive data and outlining a strict process for handling important information. Restricted data should be accessible to employees on a need basis only.
- Data breaches today blow a million-dollar hole in India Inc’s pocket. Financial sector firms lose the most, followed by the services and industrial sectors. Organizations urgently need to start approaching their processes, products/services, and technological integrations with a security-first outlook. The gaps between the technology and Indian minds should be bridged to protect the nation from data loss.