If you have ever clicked on a link to participate in a personality quiz on Facebook, you have given the developers access to your user account information. Similarly, if you have ever opened an app and selected the option to “log in with Facebook,” chances are that the developers or the company behind that application know a lot about you. According to Facebook, each app that you log into with your Facebook account will have access to your user profile, username, full name, gender, and profile picture. This action also gives the third party access to your friend lists and other information on your profile.
Brief History of Facebook Population
Facebook started in February 2004 as “Thefacebook” and was initially accessible only to people with Harvard email addresses. However, after the first month of deployment, only 50% of Zuckerberg’s college had created accounts with the platform. Following the rapid growth and popularity of the platform, membership expanded to almost all universities in both the US and Canada, with many more people signing up before the end of 2004.
New domain acquisition and organizational rebranding required that Zuckerberg drop “the” from the name in August 2005, retaining only “Facebook” (thefacebook.com domain now cost some $200,000). In September 2006, Facebook was made accessible globally to everyone aged 13 and above who had a valid email address. By the end of 2006, Facebook could boast of 12 million users, and more than 5 times that number by October 2007.
The user count had reached more than 100 million by August 2008, and 300 million by September 2009. By the end of 2009, the Facebook user count had increased to about 350 million global users, and some 132 million unique active monthly users. It was during this era that Facebook became the most popular and most widely used social media platform. The Facebook user count reached some 1.49 billion people by July 2015, 1.5 billion users by 2016, 2 billion users by June 2017, and 2.22 billion active users by July 2018.
This large number of users generates and exchanges data more rapidly.
Moreover, Facebook users, like most social media platform users, reveal vast amounts of personal information without realizing the privacy and security risks arising from their actions. In September 2018, Facebook suffered its major security breach at the hands of cyber attackers, in which more than 50-90 million of its users were exposed to a vulnerability that allowed a third party to take over their accounts. Since then, Facebook has been improving and integrating stronger infrastructure security and checks to protect user information from cyber attackers, to enhance the user experience, and to keep its web-based systems operating smoothly.
How did the Breach Occur?
Facebook confirmed in a release that the data of more than 50 million users was at risk after cyber attackers exploited a vulnerability that gave them access to personal data. According to Facebook CEO Mark Zuckerberg, the attackers used Facebook developer APIs to obtain information such as username, gender, email, hometown, etc. linked to a user’s profile. Facebook app developers use the Facebook API platform to build applications that are available to the members of the social network. Users of these third-party apps are asked to log in with their Facebook account, giving the developers unrestricted access to the users’ profile info.
Example of third-party apps that collect users’ account information through a personality test
How is Facebook Protecting Its Users?
Following the security breach, Zuckerberg disclosed that Facebook took steps to fix the vulnerability on September 27, first by resetting access tokens to protect the users’ security and privacy (developers, through the Facebook Graph API, gained access to the users’ accounts using an access token). On April 25, 2019, Facebook also published a list of APIs that will be affected by its new security updates.
This new update means that all existing apps will be removed, and developers will have to submit their new applications to Facebook for review and approval.
Only apps that are determined to conform to applicable rules will be allowed to run, albeit with severe restrictions. Lastly, Facebook has added features that alert users about unrecognized logins and allow users to set up two-factor authentication or choose friends as trusted contacts who can help them recover their account if a third party takes control of it.
How should users protect themselves?
Although Facebook has taken some measures and continues to update its security features to protect its users’ privacy and security, the users also have a bigger role to play. Most of the security features, such as two-factor authentication and alerts about unrecognized logins, are not automatic and require users to enable them manually. Users are also encouraged to avoid using a single login for all social media sites. Passwords based on a date of birth, a phone number, or any combination that is easy to guess must be avoided.
Finally, if you have already given any third party access to your account information, go to your settings, select the “Apps” option, and manage the apps you want to keep using or delete. Keep in mind that deleting third-party apps you have already granted access to will not delete the information already in their possession.