CERT-In responds to the Facebook data breach, issues advisory
CERT-In has responded to the recent Facebook data breach. It has issued an advisory to protect the interests of Indian users of Facebook. Earlier, this month, reports confirmed that around the breach affects around 500 million users. These numbers include around 6.1 million Indian users of Facebook.
Through the advisory, CERT-In has asked Indian users of Facebook to secure their profile on the social media giant’s platform.
Providing the details of the breach, it has stated that the leaked information includes email addresses, profile ID, full name, job occupation, phone numbers and birth date. However, Facebook has clarified that the financial information, health information, and passwords of users are safe.
As per the advisory, data scrapers may use “public” information of an individual to “match and combine with data from other breaches to access even more of their personal information and accounts,”. It recommends users to consider changing their profile settings to “private” or “friends” only.
It has also asked users to change their privacy settings on Facebook, such as who can find and contact them, and whether they should set them all to “friends” or stricter for better protection.
Lastly, users were urged to practise good cyber hygiene, and Facebook has informed users to “make sure that their privacy settings represent what details they want to share publicly and who they want to be able to look at them by phone number,” according to the advisory.
Facebook’s response to the data breach
Facebook has been laying low since the time the news of this breach surfaced online. Yesterday, it was reported that Facebook plans to ‘normalize’ security concerns in light of this massive ‘data scrapping’ exercise.
The Company states that it has conducted an investigation and concluded the breach only exposes ‘old data’ dating prior to September 2019. The hackers have used Facebook’s “contact importer” feature to scrape the information. Facebook has advised users to enable two-factor authentication (2FA) for better security.
However, readers must note that although the vulnerability might have become old and patched, but the user data is largely going to remain same. The personal nature of data, available online, will inadvertently allow cyber criminals to misuse the data and scam people. Further, because the data set also contains email addresses, hacking attempts could be made. Given the volume of personal data leaked, it becomes imperative that Facebook does more than just patching the vulnerability. It should inform the users and ask them to take steps to safeguard their data.
Do subscribe to our Telegram channel for more resources and discussions on technology law and news. To receive weekly updates, and a massive monthly roundup, don’t forget to subscribe to our Newsletter.
You can also follow us on Instagram, Facebook, LinkedIn, and Twitter for frequent updates and news flashes about #technologylaw.