540 million data records of Facebook users were compromised after third-party apps and sites stored the data on unsecured servers.
The leaked information included comments, likes, reactions, account names, FB IDs, and some email addresses. The app called At The Pool even stored the passwords of 22,000 users in plaintext.
Security expert tips: If you have used At The Pool, make sure you are not reusing the same password for any other accounts. All other Facebook users, beware of phishing attacks based on your account activity.
How to protect yourself
Don’t use third-party Facebook apps. These apps collect data on Facebook and deliver it to third parties who may not be secure. If you don’t want your private data showing up on unsecured servers, don’t use any third-party apps on Facebook.
Don’t use Facebook. This is a tough ask for many users, but the arguments for leaving Facebook are growing. With more and more data breaches and suspicious activities coming to light every month, more people are questioning whether this free service is worth it.
Reduce your Facebook activity levels. The less time you spend on Facebook and the less you do on their platform, the less they know about you. When creating or editing your account, don’t provide them with any more data than they need to provide their service.
Some time ago, on October 8, 2018, Google admitted to a data breach in its Google+ social network caused by a software bug. This bug resulted in close to 500,000 user accounts getting compromised. There is no proof available so far that any user’s personal information was misused. If you recall, not too long ago, Google had to allay fears among its users that developers were being given access to users’ Gmail accounts and could potentially misuse them.
As per an article published in the Wall Street Journal, Google chose not to disclose the details publicly, even though data belonging to so many users was at risk. The company feared major damage to its reputation.
What exactly happened?
In the period between 2015 and March 2018, a good number of outside developers were potentially able to access the personal Google+ data of the users because of a software glitch in the system. An internal memo warned of potential ‘regulatory interest’ if the leak was made public, and of comparisons with Facebook and the like (owing to the Cambridge Analytica scandal). No notification was sent to the users of the social network.
Google+ users normally provide access to their profile data to the apps run by Google+ through an API. This bug resulted in apps getting access to all of a user’s profile fields, including the ones not marked as public. Google clarified in a statement that this data is usually limited to only optional and static Google+ profile fields, such as the name, age, gender, occupation and email address. The tech giant said, “It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content.”
Because Google keeps API log data for no more than two weeks, it could not be sure which users were impacted by this glitch. However, after carrying out a detailed analysis that spanned over two weeks, before the bug was patched, Google disclosed that close to 500,000 accounts were impacted. The company claims that no evidence was found of developers being aware of this bug, or of any account abuse happening.
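The class of flaw described above, where an app with granted profile access receives every field rather than only those marked public, is modelled here as an added example: a hypothetical profile API, not Google's code. It sits beside a serializer that enforces per-field visibility, plus a replay that lists the accounts a serializer would over-expose. All names and sample profiles are constructed.

```python
# Added illustration of broken field-level authorization in a profile API.
# Hypothetical model: class, function and field names are assumptions.
from dataclasses import dataclass

PUBLIC, PRIVATE = "public", "private"


@dataclass
class Profile:
    user_id: str
    fields: dict  # field name -> (value, visibility chosen by the user)


def serialize_buggy(profile, granted):
    """Flawed: checks only that the app was granted access, then returns every field."""
    if not granted:
        return {}
    return {name: value for name, (value, _vis) in profile.fields.items()}


def serialize_fixed(profile, granted):
    """Enforces visibility per field on the server; anything not PUBLIC is withheld."""
    if not granted:
        return {}
    return {name: value for name, (value, vis) in profile.fields.items() if vis == PUBLIC}


def overexposed(profile, response):
    """Audit helper: returned field names that the user had not marked public."""
    return sorted(n for n in response
                  if profile.fields.get(n, (None, PRIVATE))[1] != PUBLIC)


def affected_accounts(profiles, serializer):
    """Replay a serializer over accounts and list those with any over-exposed field."""
    return [p.user_id for p in profiles
            if overexposed(p, serializer(p, granted=True))]


# Constructed sample profiles using the field types named in the article.
SAMPLE = [
    Profile("u1", {"name": ("Ana", PUBLIC), "email": ("ana@example.test", PRIVATE),
                   "occupation": ("nurse", PRIVATE)}),
    Profile("u2", {"name": ("Ben", PUBLIC), "gender": ("m", PUBLIC)}),
    Profile("u3", {"name": ("Cy", PUBLIC), "age": (41, PRIVATE)}),
]

if __name__ == "__main__":
    print("buggy:", affected_accounts(SAMPLE, serialize_buggy))
    print("fixed:", affected_accounts(SAMPLE, serialize_fixed))
```

Running the same replay as a regression test against the real serializer catches this kind of over-exposure without depending on how long API logs are retained.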
It also posted the following on its blog: “Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance.”
What is Google planning to do now?
As per an announcement made on the company’s blog, Google will be ‘sunsetting’ the Google+ service for general consumers and offering it only to business customers from here on. It is also putting processes in place to tighten up its security systems, as well as various privacy measures throughout the Google suite. The company will also roll out various additional controls in the near future and will update the policies associated with its APIs.