Story image

Experts and execs comment on Facebook data leak

05 Apr 2019

Yesterday, cybersecurity company UpGuard broke the news of 540mil Facebook user records being exposed on the Internet due to misconfigured AWS servers.

The leak is another strike in a long list of Facebook’s faults as it scrambles to maintain its reputation.

Here is what cybersecurity experts and executives had to say about the data leak:

Tenable co-founder and CTO Renaud Deraison

Seems like every other week a security issue is discovered in the Facebook ecosystem.

Facebook is giving third-party app developers access to user data.

That means the company’s massive trove of data is in the hands of potentially thousands of third parties all over the world.

App developers are focused mainly on bringing new offerings to market quickly - it’s what consumers have come to expect.

It looks like Facebook doesn’t have enforced guidelines when it comes to how its partners handle cybersecurity.

Ping Identity Asia Pacific chief technology officer Mark Perry

The latest reports of user passwords exposed in plaintext on public servers by Facebook is lamentable, but all too common event in the technology industry.

Tech companies are the custodians of user credentials and other personally identifiable information, a valuable resource in today's world.

Ping Identity's message to tech companies is simple: encrypt user data at rest and in transit; use up to date, off-the-shelf password hashing algorithms; don't write your own security code; monitor attack vectors like APIs using modern, threat-aware solutions; and control access to your services and applications using multi-factor authentication and fine-grained access control for everyone that touches them: end users, developers and system administrators.

CQR Consulting chief technology officer and co-founder Phil Kernick

The most recent breach of Facebook data only underscores the reality of the business models of social media platforms – the users are not the customers, they are the product.  

Your data is collected, filtered, aggregated and then sold to any business that agrees to comply with Facebook’s policy of not storing it unprotected. 

Whether these third parties actually comply is a contractual matter with Facebook and the user’s whose data is compromised have no say in the matter. 

While Facebook has recently made announcements that they will take a privacy-first approach to user data, this seems to be more a response to avoiding Government oversight than genuine care for their users. 

They’ve made these promises before. 

They’ve broken these promises before. 

Aura Information Security general manager Peter Bailey

As far as data privacy and security goes, Facebook is having a particularly bad run and the company is fast becoming the poster child for what not to do. 

First the Cambridge Analytica saga, then the security flaw that allowed hackers to access 50 million Facebook accounts… and now this.  

It’s becoming increasingly apparent that Facebook simply isn’t taking their duty of care in regards to the privacy of the data of its users seriously enough. 

Social media platforms like Facebook are about trust, if users don’t feel they can use them safely, we’re going to see more people leave the platform.

WatchGuard Technologies A/NZ regional director Mark Sinclair

Organisations need to be very careful when sharing sensitive data with other third-party organisations. 

Third parties are often a much easier target and, once compromised, can also act as a launching pad for a cyber-attack on the original organisation.  

Any organisation that shares data should be reviewing their API's to ensure controls are in place to limit sensitive data and regular audits be done on the third parties to ensure compliance to privacy regulations and IT security standards.

Digital Guardian cloud services security architect Naaman Hart

In the age of GDPR companies must realise that when they collect data they are responsible for it, regardless of whether they share it onwards or keep it themselves. 

It will be interesting to see whether litigation springs from this as I expect it might. 

In that case, the financial and reputational damage to Facebook might prompt them to ensure the companies they do business with are held to their own security standards. 

Huawei FusionServer Pro built for 'intelligent transformation'
The next generation X86 servers draw on an intelligent acceleration engine, an intelligent management ending, and intelligent data center solutions for ‘diverse’ scenarios as transformation shifts from digital to intelligent.
HFW deploys digital edge strategy on Equinix
Equinix announced that global law firm HFW has collaborated with Equinix to build out its digital edge in key markets including Dubai, London, Hong Kong, Melbourne and Paris.
DE-CIX and Datacenter One sign service deal for Germany
Datacenter One’s LEV1 data centre in Leverkusen is the first to be connected to DE-CIX, with further DE-CIX sites to be created in the next few years as part of the agreement.
Teradata expands as-a-service offerings for Advantage platform
Data intelligence company Teradata has announced three new cloud and on-premise solutions that are now integrated into its Teradata Vantage platform.
DigiPlex opens up Nordic data centers to international customers
"The Nordics are Europe's premier market: a firm deploying 100 megawatts over 20 years could save approximately $2 billion by placing their data center in Sweden or Norway versus the U.K."
HPE & Nutanix join forces to deliver hybrid cloud as a service
The two tech giants have partnered to offer a fully integrated solution that capitalises on the hybrid IT market.
Opinion: The growing importance of sustainability in data centres
Aruba's Alessandro Bruschini discusses why to carry on growing, the data centre industry will have to turn to green methods of energy consumption and production.
Equinix releases Azure Stack-as-a-Service in APAC
The hybrid cloud solution offers pre-configured, Microsoft validated systems, pre-installed into Equinix IBX data centres.