Trusted companies put your data at risk


It may be tempting to think that hackers are ultimately responsible for compromises of your sensitive data, and that they are hard at work figuring out how to break security systems. While it isn’t untrue that hackers want your data, how they get it is not what you might think. Hackers do not normally break perfectly functioning code. The truth is that hackers most often are simply looking for flaws and trying to figure out how to exploit them. These flaws exist because of poor coding on the part of the developers who made the programs. They exist because of human error. And often enough, the faulty code puts your data at risk before the hackers ever get a chance to.

There have been several examples of this in just the second half of 2018. Google, Twitter, and Facebook have all been in the headlines for serious compromises of personal data. In each case, the company’s own faulty code was responsible for enabling the data breach. None of these involved cracked passwords or hacked systems. Just poorly programmed products.

Google’s oops

A recent report by Forbes about a flaw in Google+ is a prime example of a company accidentally giving information away. No hacking was involved. Google admitted that a bug in their platform exposed the full names, email addresses, birth dates, gender, profile photos, relationship status, occupation, and more. All this information was available to third-party developers who made apps for the Google+ platform. The bug accidentally exposed the personal information of nearly a half-million people through more than 400 different apps.

While the flaw was patched in March of 2018, Google kept the incident a secret for roughly six months. News of this event, and its apparent cover-up, greatly damaged trust in Google’s social network. In response to this loss of trust, Google has since announced that it intends to shut down Google+.

Twitter glitch

Similarly, Twitter discovered on September 10, 2018, that there had been a glitch in their system since May of 2017. This flaw caused direct messages between app developers to be accidentally sent to the wrong party. While not a flagrant breach of user data, this flaw still constitutes a security breach. The flaw has since been patched by Twitter, which claims that only 1 percent of its users were affected.

Facebook face-palm

Three fatal flaws in Facebook’s code allowed hackers to exploit the site’s “view as” feature and see profiles as if they were the owner. This hack did not involve compromised passwords, but instead took advantage of a faulty security mechanism. This mechanism’s failure granted the hackers full access to other people’s accounts. Over the course of fourteen days in September 2018, hackers stole the names, contact information, personal details, and recent activity of at least 14 million people. At least 15 million more people were affected in a less severe form.

What to take from this

Social media has become a bit of a phenomenon over the past decade. Its use is now a social norm, to the point where many people may not consider why they use it. Or maybe more importantly, whether they should use it. We’ve become a society where everything is broadcast to the internet through one of a multitude of social platforms. How often do we consider the risks in doing so? Maybe you consider yourself security savvy and not threatened by hackers. Are you still safe from the faulty code? Safe from code that potentially hands out your sensitive information to any interested person?

With so much information about our lives being voluntarily recorded onto the internet, people would be wise to do so while fully understanding the risks. If you choose to give your information to a company by using their social platform, know that they cannot be expected to perfectly secure that information 100% of the time. There will always be a risk of your information being exposed to people you may not want to see it, whether that involves accidental exposures, such as those reported by Google and Twitter, or hackers exploiting flaws, like the recent news from Facebook. Understand that the code that drives these sites will always have flaws. Those flaws will continue to threaten the privacy of your data kept on these sites.

 

About Dustin Wilson

I have been working professionally in Cybersecurity since 2011. I earned my A.A.S. in Computer Science, a B.S. in Cybersecurity, and am currently working on an M.S. in Cybersecurity. Prior to working in this field, I was a computer programmer for nine years.
