Facebook data breach: Private messages, photos and check-ins could be leaked

Facebook reveals fresh network breach affected 50 million users Photo: AAP

Security experts fear Facebook’s latest data breach could lead to users’ photos, private conversations and even check-ins being leaked publicly online.

The social media giant revealed on Friday that the private information of more than 50 million users had been exposed after attackers exploited a feature that allowed them to take over users’ accounts.

Facebook said in a post that the security issue was related to the “View As” feature, which allows people to see a preview of what their profile looks like to other people, like specific friends.

Dr Muhammad Usman, data and cyber security expert at Swinburne University, said Facebook’s latest data breach could result in users’ personal information, such as emails and passwords, being leaked on paste websites such as Pastebin.

Websites such as Have I Been Pwned allow users to see if their accounts have been compromised on these paste sites.

“It’s possible that users’ personal information could end up on these sites, especially if they’ve used their Facebook account to log in to other third-party apps,” Dr Usman told The New Daily.

“Facebook are not taking the proper precautions to secure users’ account details, so it’s important for people to be mindful of what kind of personal information they’re posting including private chats.”

Mark Zuckerberg says Facebook has 20,000 people protecting the site. Photo: AAP

Deakin University’s Cyber Security Research Institute professor Matt Warren said Facebook’s data breach meant users’ private conversations, photos and even check-ins could be exposed.

“Several users use a federated login with Tinder, Spotify and Instagram, meaning their Facebook account can be used to log them in on those sites,” Dr Warren told The New Daily.

“The biggest risk with this is that users’ photos, data and location details could have been harvested in this breach.”

Dr Warren said the sophistication of the breach could lead to identity theft.

“We could start seeing a trend of fake accounts using people’s posts and photos,” he said.

“On the dark net this data could be used as a potential way to make money by blackmailing users or it could be used as a harvest for email addresses to launch spam attacks.”

The hack comes amid intense scrutiny over Facebook’s role in the Cambridge Analytica scandal in April, where the private information of 87 million users was illegally obtained by a British political consulting firm.

What can you do to protect your data?

Security experts told The New Daily it was critical for users to take simple steps to ensure their account details didn’t end up in the wrong hands.

Change your password

Facebook says that because it has fixed the vulnerability, there is no need to change your account password, but security experts disagree because there’s still a strong risk of accounts linked to third-party apps such as Tinder, Spotify, and Instagram being compromised. 

Experts also recommend users sign up to third-party apps with their email address and not their Facebook account to ensure their information isn’t shared among platforms.

Facebook is still reeling from the Cambridge Analytica scandal. Photo: Getty

Turn on two-factor authentication

Facebook and other social media platforms offer a security feature called two-factor authentication. It involves sending a unique code to your phone that you must type in after entering your password. 

Conduct an online audit 

Users can see if they’ve fallen victim to other online security breaches on sites such as Have I Been Pwned. If this is the case, then it’s highly recommended to change your password on all accounts linked to the compromised email account. 

On Facebook’s Security and Login page, under the tab labelled “Where You’re Logged in,” you can see a list of devices that are signed into your account, as well as their locations.

If you see an unfamiliar device signed in at an unrecognised location, you can click the “Remove” button to remove the device from your account.
