According to a recent security report, Facebook has suffered another data breach - this time over 267 million user records including phone numbers have been leaked and was made available for download on a forum for hackers. Comparitech and security researcher Bob Diachenko discovered the leak earlier this month and believe it was the result of “an illegal scraping operation or Facebook API abuse by criminals in Vietnam”. This is not the first time that Facebook has suffered a data breach, but this is may be one of the biggest of its kind. The company is still reeling from the infamous Cambridge Analytica scandal in which Facebook’s own policies were abused to extract data on hundreds of millions of users. Comparitech has stated that the database is currently “unavailable”, but it is conceivable that other copies exist in the wild.
Recently it seems like mass data hacks are becoming normal news these days - but that doesn’t make them any less disturbing for those that are affected. Tools like Have I Been Pwned (a site that indexes data breaches and can tell if your email address was associated with one) are becoming more useful as breaches continue to happen. But why are companies still being so careless with our private data?
The most disturbing breach of recent memory is the Equifax hack, a data breach that involved the private financial information (including social security numbers) of more than half of all Americans. With the rate at which these breaches are occurring, it’s obvious that something needs to be done.
Facebook, Others Should Have Used Encryption
One potential solution to the recent data breach epidemic is encryption. That means companies would use advanced cryptography methods to secure data so that even if it is stolen, it is completely useless without the decryption password or key file. With a sufficiently strong encryption password, private data is effectively impossible to breach. According to a password strength checker, a simple password such as “i like screen rant” would take nearly half a trillion years to guess. With such simple passwords being nearly impossible to break, why aren’t companies encrypting our data?
Unfortunately, many companies rely on legacy systems and databases that perhaps can’t be encrypted, and migrating the data of hundreds of millions of users would cost a lot of money to do. Sadly, it is likely this upfront cost of moving into a system that can be protected by encryption that is stopping companies from making the move. But at some point customers are going to lose faith in the tech giants that refuse to encrypt, and that could cost them a lot more than the expense of moving to a more secure system.
Next: Facebook Wanted The Social Network To Not Use Their Name
Source: Comparitech