Data protection and privacy are critical to a business, but what if the data you pass to a trusted source is then passed on to another untrusted one? This is the issue behind the latest Facebook data leak.
A University of Cambridge professor created an app called "thisisyourdigitallife" that collected about 270,000 profiles from user installations and signups. The app then collected information about those users' Facebook friends, about 50 million in total. The professor later passed the collected data to Cambridge Analytica, which used it for the US presidential campaign. Although passing the data on was improper, it wasn't technically theft, since it was willingly given to the analytics firm and none of it was stolen from Facebook's servers.
In Facebook's case, the app used the social network's API to collect data. APIs are commonly offered by most social media and networking sites. By giving developers an API, a company can encourage businesses to integrate its service into their applications. The developer collects a subscription fee, increases revenue, and gets its name out there without the high cost of marketing.
The downside to a public API is that it must be secured against data leaks such as the one that now plagues Facebook and caused its stock to drop along with other social media outlets. Such leaks are especially common with social apps. In an attempt to network and share personal data, social apps can unintentionally allow too much data to be released, which eventually leads to personal identification and possible identity theft.
After this latest leak, lawmakers and experts have suggested looking deeper into how data is managed, especially in terms of network security and data management policies. While it might seem like a harmless way to share data, opening a database that contains millions of user records can lead to collection that could be used to further identify user PII. The only way to combat this issue is to implement the right collection and distribution policies.
In addition to the data leak, it's been reported that Zuckerberg knew of the data leak in 2015 and asked that Cambridge Analytica delete the data. Cambridge never deleted the data, and this caused a breach of trust. The breach also affected users who trusted Facebook with their personal information.
Before releasing any API, always audit and test it for leaks. When you work with other developers, be aware of any massive data transfers from your API that seem unusual. Conduct audits of your data to know who is accessing it. The most important action to take is to make sure your users' data is safeguarded from any possible malicious activity. This could mean limiting the amount of data returned to applications or restricting access to certain data.
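The audit described above can be run over API access logs by comparing, for each app, how many users authorized it with how many distinct profiles it received (in the leak above, about 270,000 installs against about 50 million profiles). The following is an added example, not code from Facebook or from this article; the log format, app names, user ids and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed access-log records: (app_id, authorizing_user, profile_returned).
# App names, user ids and the threshold below are hypothetical.
def build_sample_log():
    log = []
    # "quiz_app": 3 users install it; each call also returns 40 friends' profiles.
    for u in range(3):
        user = f"u{u}"
        log.append(("quiz_app", user, user))
        log += [("quiz_app", user, f"friend{u}_{i}") for i in range(40)]
    # "calendar_app": 50 users; only their own profile is ever returned.
    log += [("calendar_app", f"c{u}", f"c{u}") for u in range(50)]
    return log

def audit(log):
    """Per app: who consented, whose data left, and how much was third-party."""
    consenting = defaultdict(set)
    returned = defaultdict(set)
    for app, user, profile in log:
        consenting[app].add(user)
        returned[app].add(profile)
    report = {}
    for app in consenting:
        # Profiles of people who never authorized this app themselves.
        third_party = returned[app] - consenting[app]
        report[app] = {
            "consenting_users": len(consenting[app]),
            "profiles_returned": len(returned[app]),
            "third_party_profiles": len(third_party),
            "profiles_per_user": len(returned[app]) / len(consenting[app]),
        }
    return report

def flag_apps(log, max_profiles_per_user=5.0):
    """Apps whose data egress is out of proportion to their consenting users."""
    return sorted(app for app, row in audit(log).items()
                  if row["profiles_per_user"] > max_profiles_per_user)

if __name__ == "__main__":
    sample = build_sample_log()
    for app, row in sorted(audit(sample).items()):
        print(app, row)
    print("flagged:", flag_apps(sample))
```

The `third_party_profiles` count is the figure to review first: it measures data about people who never agreed to share anything with that app.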
Facebook's data leak may not be theft, but it shows that more security must be implemented on open APIs. If your business uses an API to market your brand, you can avoid this type of cybersecurity risk by placing the right policies around your data distribution and monitoring data transferred from your database.
As an IT professional, you're constantly battling the possibility of breaches and hacks that could cripple your organization. While this data leak may not directly impact your business, versions of it are lurking in the background and the next one is on the way. Get in touch with your managed service provider: working with your MSP means you won't have to do all the heavy lifting yourself when it comes to staying secure. Consistent, always-on email and web security, proactive approaches and security awareness training are all critical steps in keeping your organization safe.