Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud

    Cambridge Analytica Breach Reveals Facebook’s Weak User Data Defenses

    Written by

    Wayne Rash
    Published March 20, 2018
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      The revelations over Saint Patrick’s Day weekend that Facebook allowed a data mining company to gather the records of 50 million American users is just the most recent case in which the social network has failed to prevent access to user records. 

       Facebook has been the subject of previous privacy investigations by the Federal Trade Commission that culminated in a consent decree in 2011 and a warning letter in 2014. 

      The data loss occurred when a researcher at mining firm Cambridge Analytica offered to pay some Facebook members to conduct research. While those users were told that their personal profiles would be used, what actually happened is that the researchers also obtained the complete profiles of their friends. 

      “Facebook should have never disclosed this data to a third party,” said Marc Rotenberg, president of the Electronic Privacy Information Center said in an email. “But the FTC dropped the ball. It simply failed to enforce its own legal judgment.” 

      But Facebook failed to protect the data. The company apparently found out about the data loss in 2015, and asked Cambridge Analytica to erase the data it had gathered improperly, but according to an investigation by the New York Times, this never happened. 

      It would be bad enough if this were an isolated case, but the fact is that Facebook is rife with data miners according to a report in The Washington Post. Those data mining operations frequently appear as games or apps that attempt to provide entertainment, but they share one feature–they ask permission to gather your profile information and they also go after your friends and gather that information as well. 

      If your company has a presence on Facebook, which is likely since it’s widely used by organizations as a way to provide customer service and to gain a positive social presence, then any data your organizations has placed on Facebook is essentially public, regardless of whether you intended that or not. 

      Your employees’ activities on Facebook present another risk. Those data miners, including Cambridge Analytica, which boasted during an investigation by the UK’s ITN that it used a series of tricks including honey pots and extortion to get information from employees of companies it targeted. According to a report in The Guardian, the company was even willing to use the information it obtained to create sex scandals. 

      What this means is that your employees can be seen as a source of information about your company on Facebook. Even if your company page contains only information that you’ve vetted as being appropriate for public consumption globally, you’re not out of the woods. 

      Anything your employees say about your company, whether it’s in public on not, is there for the taking. While Facebook allows users to restrict information to friends, for example, if one of those friends decides to share, it’s still accessible. 

      But, you can’t just pull your company off of Facebook and be safe. But there’s a lot you can do to limit how what a bad actor can do to hurt your company or your employees. 

      First, really look at your Facebook presence. Scrutinize every entry and every link on your page. Look at every photo in detail. Confirm that none of the information you’ve posted can possibly cause you a problem. 

      Next, look at the items posted by others, whether they’re customers or employees, and take down any that reveal information about your company that should not be public. 

      Also be aware of the Facebook activities of your senior staff. It may not be possible—or even desirable—to eliminate a mention of their role in the company, but you should be aware of what they’re saying about the company. Where possible you need to discourage posting of information related to your projects, developments or plans. You should discourage discussion of development or management tools in use in your company and you should discourage detailed discussions of technical or business capabilities. 

      The reason for this level of caution is that it becomes vastly easier for a hacker to break into your company if they know what systems you’re running and easier yet if they can use publicly available information to discover credentials. Think about it—if you use an email address as your default login to the company network, then publicizing your employee email addresses makes it easier for the hackers. 

      But the risk goes far beyond just opening up an avenue for hackers. Private information found on Facebook can also be used by cyber-criminals as a way to get further information about your company or your organization’s leadership, which can then be used to work their way into your network, or to your business relationships. 

      While Cambridge Analytica, which says in light of the recent revelations that it did nothing wrong, may limit its work to the field of politics, they’re not the only company looking for data on Facebook. Those other data miners are still there, and they’re looking for information on your organization. You have to be vigilant to keep them from finding it.

      Wayne Rash
      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a content writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×