Facebook recently announced a breach which exposed the information of 50 Million users. The breach is the largest in the company’s 14-year history. Attackers exploited a feature in Facebook’s code to gain access to user accounts and potentially take control of them. Facebook says it has now fixed the vulnerabilities and notified law enforcement officials. At this moment, company officials do not know the identity or the origin of the attackers, nor have they fully assessed the scope of the attack or if particular users were targeted. The investigation is still continuing. What we do know so far is that hackers tried to harvest people’s private information, including name, sex and hometown, from Facebook’s systems. So, what does this mean for individuals? And how could this potentially affect your business?
The data accessed puts those affected by this breach at an increased risk for identity theft, spam and targeted phishing campaigns. As individual users, we must take caution to guard against suspicious e-mails, calls and text messages that are better targeted trying to scam you of your data. In fact, ID Agent’s “Cybersecurity division has confirmed that the individual account information associated with the Facebook breach is now being sold on popular Dark Web markets for $3 to $12.” In addition, hackers could use this data to steal your identity, putting your credit at risk.
As a business owner, does this breach really affect your business? While not having an affect directly on your business, many users will use work emails to log into applications like Facebook, so the potential for someone to breach your company’s email system is high. Matthew Solomon writes, “many times, employees give criminals easy access. For example, some employees, including high-level executives, use their work emails and passwords for social media or other consumer sites. It’s just easier to remember. But when these sites get breached, a hacker is handed the corporate keys in the way of identical emails and network passwords… Hackers can very easily run tools, crack the password code and again have easy access to the corporate network.” To help avoid becoming a victim to this type of breach, try to leverage an MSSP with a Dark Web Monitoring service. Sometimes data is already out on the dark web and we don’t know it! Using a Dark Web Monitoring Service can help you find out if your .com credentials are out on the dark web.