In recent weeks, Facebook has come under fire for an event that might change the definition of “data breach.”
Mark Zuckerberg appeared before the Senate yesterday and Congress today to answer questions about how the platform is handling the situation. Unlike other breaches where the company had no prior knowledge, and perhaps no way of stopping someone from breaking in and stealing information, Facebook suffered a different kind of event, one that is very complex. But we’re still not hearing what personally identifying information (PII) was accessed beyond the permissions of those using the app.
Facebook allowed a third-party company to operate social media quizzes under the name “This Is Your Digital Life.” The quiz app paid Facebook for the ability to invite users to take quizzes in exchange for access to their public profile information. Also, when one user granted that access, it may have automatically granted access to the individual’s Facebook friends. Even people who’ve never agreed to “This Is Your Digital Life’s” terms may have had their information gathered, including information like name, employer, education, birthdate, and relationship status, which was available in their publicly viewable profile. Even after yesterday’s testimony, the Identity Theft Resource Center still does not have conclusive evidence of what exactly was used from each person’s profile. This shared connection is how Facebook has estimated the number of compromised user profiles to be somewhere around 87 million.
Now, Facebook is taking action to inform users. If your information may have been wrongfully accessed, Facebook has put a banner at the top of your feed above the status box where you share what’s happening with you. It allows you to check whether you were compromised and whether your information may have been used without authorization. It will also direct you to the permissions section of your settings so you can take a closer look at what you’re letting outsiders access. You can also check for yourself by going to the Help Center of Facebook.
Facebook has preemptively disconnected any apps that you may have previously granted permission to access your profile. When you go to log into those connected apps, it will prompt you to reconnect, as well as re-accept permissions (or revoke them). Think carefully as you reconnect and only provide permission to those apps that you trust and to parts of your profile that don’t have important information.
Whether your information was accessed or not, this should serve as another wake-up call to understand what you share on all of your social media profiles. All social media users should look at profile questions with a suspicious eye before including that potential snippet of information.