Security 1 October 2018

The Facebook Breach: Some Lessons for the Internet

By Olaf Kolkman, Chief Internet Technology Officer

Last week Facebook found itself at the heart of a security breach that put at risk the personal information of millions of users of the social network.

On September 28, news broke that an attacker exploited a technical vulnerability in Facebook’s code that would allow them to log into about 50 million people’s accounts.

While Facebook was quick to address the exploit and fix it, they say they don’t know whether any accounts were actually breached.

This breach follows the Cambridge Analytica scandal earlier this year that resulted in the serious mishandling of the data of millions of people who use Facebook.

Both of these events illustrate that we cannot be complacent about data security. Companies that hold personal and sensitive data need to be extra vigilant about protecting their users’ data.

Yet even the most vigilant are also vulnerable. Even a single security bug can affect millions of users, as we can see.

There are a few things we can learn from this that apply to other security conversations: doing security well is notoriously hard, and persistent attackers will find bugs to exploit, in this case a combination of three apparently unrelated ones on the Facebook platform.

This is a lesson for anybody who says that exceptional access can be built securely. This is not a moment for schadenfreude, though – I believe that the transparency with which the engineers at Facebook coped with this issue will aid the social network’s efforts to rebuild trust with its users. And let’s face it, those engineers found the problem themselves through monitoring of their systems.

Facebook is not only providing the technical means of access to its own services, but also for others. While there is no proof yet that any third-party applications have been compromised, I believe that we must think about decentralising some of these login mechanisms before one of these houses of cards collapses. That may not be trivial, since building and maintaining these systems securely requires lots of resources, which are not available to everybody.

That is a wicked problem, one that is gaining focus as a significant issue we must resolve very soon if we really wish to see an open, globally-connected, trustworthy, and secure Internet for everyone.
