On 3rd April 2021, the personal data of more than 500 million Facebook users globally was published on a low-level hacking forum for free. The leaked data includes full names, phone numbers, email addresses, birth dates, locations, and biographical information.
This data breach affected more than 533 million Facebook users from 106 countries across the globe, including over 32 million records of users in the US, 11 million in the UK, and 6 million in India. Reportedly, all the data is neatly divided into separate download packages by country.
Impact of Facebook Data Breach
Facebook has confirmed the leak. According to a Facebook spokesperson, this is “old data” and was leaked due to a vulnerability that was patched by the company in 2019. The exposed data can be exploited by threat actors to carry out an array of cyber crimes, including identity theft, impersonation scams, SMS spam, and extortion attempts.
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts”
– Alon Gal, CTO of a cyber crime intelligence firm
Notably, this isn’t the first time that the personal information of Facebook users has been exposed online. The vulnerability uncovered in 2019 led to the exposure of phone numbers of millions of users from Facebook’s servers. Also, during the 2016 election, Cambridge Analytica scraped 80 million users’ data to target voters with political ads.
The National Privacy Commission (NPC) is currently investigating the large-scale data leak that has affected around half a billion social media users globally. Cyber security experts worldwide are urging Facebook users to secure their social media accounts immediately. All users are being advised to change their passwords and enable multi-factor authentication right away.
How Can Organizations Prevent Data Breaches?
Barely three months into 2021, several data breaches have already made headlines. A data breach not only results in the loss of valuable and confidential data but also damages the reputation of your brand and your relationship with your customers. Customers hand over their data to organizations, trusting them to keep it safe and secure. Hence, it is every organization’s duty to take every possible step to keep this data safe. So, here are the most effective measures you can take to protect your organization against data breaches:
#1 Keep the Software and Hardware Updated
Cyber criminals can gain access to valuable data by exploiting the weaknesses created by outdated devices or software. Keeping your systems and software up-to-date with the latest security patches and updates is essential to eliminate any exploitable vulnerabilities in your organization’s cyber security infrastructure.
#2 Conduct Periodic VAPT
Since keeping an organization protected against security threats is a never-ending endeavor, conducting periodic Vulnerability Assessment and Penetration Testing (VAPT) is the best course of action. It is the most effective way of detecting any exploitable vulnerability in your organization’s IT infrastructure and cyber security framework. Patching these vulnerabilities immediately can significantly help you keep your organization protected against ever-evolving cyber threats.
#3 Generate Cyber Security Awareness
According to a report by IBM Security, human error is the main cause of 24% of all data breaches. If your employees are not cyber aware, they can make serious mistakes and unintentionally cause data breaches. Providing your employees with cyber security awareness training offers the best way to arm them with the knowledge needed to combat prevailing and emerging cyber threats. Cyber security awareness training tools like ThreatCop enable your employees to make smart security decisions to protect themselves and your organization against cyber attacks.
#4 Enable Multi-factor Authentication
Implementation of Multi-Factor Authentication (MFA) on all the applicable endpoints across your organization’s networks is the best way to get rid of some of the most catastrophic vulnerabilities. As per a report by Microsoft, enabling MFA can block over 99.9% of all automated account compromise attacks. As billions of stolen credentials are easily available for sale, it has become essential to adopt MFA as a basic security protocol to add an additional layer of security.
#5 Enforce Strong Password Policy
Weak passwords make it very easy for cyber criminals to gain access to an account. Ask your employees to create strong passwords for all their accounts. A strong password consists of a combination of upper and lower case letters, numbers, and special characters. Also, advise them to change their passwords every 90 days. Make sure they understand the risks of password sharing and using the same password across multiple platforms.
It is becoming increasingly difficult to safeguard your data from malicious actors. Following these security measures is in the best interest of your organization and customers.