Facebook breach ‘could leave thousands of apps vulnerable’

The large data breach reported by Facebook last week, which affected some 50 million accounts, could be more serious than first realised, it has been claimed, as it may give hackers access to thousands of other apps and potentially leave businesses exposed.

This is because the vulnerability lay in the automated login credentials, or 'tokens', that allow users to gain access to many popular apps and services using their Facebook account. Spotify, Pinterest and Yelp are among the biggest names that offer this as a login option.

Jason Polakis, an assistant professor of computer science at the University of Illinois at Chicago, told the Guardian that the token breach could have a much more wide-reaching impact than just Facebook, with the vulnerability potentially acting as a backdoor to thousands of third-party apps and websites.

While the majority of businesses will not use Facebook tokens as a means of gaining access, many employees will use such tokens on their business phones to access services such as Spotify, and so could be exposing their devices to problems.

This highlights the importance of strong IT security solutions, such as robust mobile device management tools that can protect business smartphones by giving the company greater control over what services and apps their employees can access.

It is also a reminder of the importance of strong authentication practices. Dana Simberkoff, chief risk, privacy and information security officer for enterprise security firm Avepoint, told the Guardian that while the use of tools such as Facebook tokens for logins is convenient, it can lead to other problems.

"When you use shortcuts there can be consequences," she explained. "You should not use one app to log into another, because when one of those systems is compromised, everything else you interact with can be as well."

The Facebook data breach may also be one of the first big tests for the EU's GDPR, which comes with the threat of significantly larger fines for security failings. If European regulators decide the incident is serious enough, the maximum fine they could issue is four per cent of the firm's global revenue – which in Facebook's case would equate to $1.63 billion (£1.25 billion).