Facebook breach ‘could leave thousands of apps vulnerable’
The large data breach reported by Facebook last week, which affected some 50 million accounts, could be more serious than first realised, it has been claimed, as it may give hackers access to thousands of other apps and potentially leave businesses exposed.
This is because the vulnerability lay in the automated login credentials, or 'tokens', that allow users to gain access to many popular apps and services using their Facebook account. Spotify, Pinterest and Yelp are among some of the biggest names that offer this as a login option.
Jason Polakis, an assistant professor of computer science at the University of Illinois at Chicago, told the Guardian that the token breach could have a much more wide-reaching impact than just Facebook, with the vulnerability potentially acting as a backdoor to thousands of third-party apps and websites.
While the majority of businesses will not use Facebook tokens as a means of gaining access to their own systems, many employees will use such tokens on their business phones to access services such as Spotify, and could therefore be exposing their device to problems.
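The dependency the article describes runs one way: an app that accepts "Log in with Facebook" derives its own sessions from a token the identity provider issued, so when those tokens are stolen or reset, the app must be able to find and cut off the sessions that were created with them. The following is an added illustration (it is not code from the article, from Facebook, or from any app named above) of a minimal relying-party session store that keeps that link and revokes every dependent session when the identity provider reports a set of compromised tokens. The class names, the `idp_token_id` field and the shape of the revocation notice are assumptions made for the example.

```python
"""Relying-party session bookkeeping for federated logins (added example).

The store records which identity-provider (IdP) token each local session was
derived from, so a token-compromise notice from the IdP can be mapped back to
the sessions that must be revoked. Names and the notice format are assumed.
"""
from dataclasses import dataclass
import secrets
import time


@dataclass
class FederatedSession:
    session_id: str
    user_id: str
    idp: str            # e.g. "facebook"
    idp_token_id: str   # identifier of the IdP token presented at login (assumed field)
    issued_at: float
    revoked: bool = False


class RelyingParty:
    """Local sessions of an app that lets users sign in with an external IdP."""

    def __init__(self) -> None:
        self.sessions: dict[str, FederatedSession] = {}          # session_id -> session
        self.by_token: dict[tuple[str, str], set[str]] = {}      # (idp, token_id) -> session_ids

    def login_with_idp(self, user_id: str, idp: str, idp_token_id: str) -> str:
        """Create a local session after a (not shown) successful IdP token check.

        The local session id is a fresh random value; the IdP token itself is
        never reused as the app's own session identifier.
        """
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = FederatedSession(sid, user_id, idp, idp_token_id, time.time())
        self.by_token.setdefault((idp, idp_token_id), set()).add(sid)
        return sid

    def is_active(self, sid: str) -> bool:
        s = self.sessions.get(sid)
        return s is not None and not s.revoked

    def handle_idp_revocation(self, idp: str, revoked_token_ids: list[str]) -> int:
        """Revoke every local session derived from a compromised IdP token.

        Returns the number of sessions newly revoked. Tokens the app has never
        seen are ignored, so a broad reset notice from the IdP is safe to replay.
        """
        count = 0
        for token_id in revoked_token_ids:
            for sid in self.by_token.pop((idp, token_id), set()):
                session = self.sessions[sid]
                if not session.revoked:
                    session.revoked = True
                    count += 1
        return count


def demo() -> dict:
    """Constructed scenario: two devices signed in with one IdP token, one with another."""
    rp = RelyingParty()
    phone = rp.login_with_idp("alice", "facebook", "tok-A")   # constructed token ids
    laptop = rp.login_with_idp("alice", "facebook", "tok-A")
    bob = rp.login_with_idp("bob", "facebook", "tok-B")
    revoked = rp.handle_idp_revocation("facebook", ["tok-A", "tok-unknown"])
    return {
        "revoked": revoked,
        "phone_active": rp.is_active(phone),
        "laptop_active": rp.is_active(laptop),
        "bob_active": rp.is_active(bob),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the `by_token` index is that a compromise at the identity provider can be answered by the app without waiting for each stolen session to be used: every session that inherited trust from the affected token is cut off at once, while sessions tied to untouched tokens keep working.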
This highlights the importance of strong IT security solutions, such as robust mobile device management tools that can protect business smartphones by giving the company greater control over what services and apps their employees can access.
It is also a reminder of the importance of strong authentication practices. Dana Simberkoff, chief risk, privacy and information security officer for enterprise security firm Avepoint, told the Guardian that while the use of tools such as Facebook tokens for logins is convenient, it can lead to other problems.
"When you use shortcuts there can be consequences," she explained. "You should not use one app to log into another, because when one of those systems is compromised, everything else you interact with can be as well."
The Facebook data breach may also be one of the first big tests for the EU's GDPR, which comes with the threat of significantly larger fines for security failings. If European regulators decide the incident is serious enough, the maximum fine they could issue is four per cent of the firm's global revenue – which in Facebook's case would equate to $1.63 billion (£1.25 billion).