
Data Breach Winners and Losers: Facebook, MyHeritage, and YOU!

  


Like so many weeks that have come before and will likely follow, last week was filled with revelations of data breaches, privacy violations, and broken promises. Yet, in an incredibly crowded field, there were two notable losers: Facebook and MyHeritage. Luckily, there were also some winners. And, whether you know it or not, you’re actually on that list of winners. In fact, we all are.

Expect more Facebook controversy to hit your news feed

Facebook, known for outperforming market predictions, has once again outdone itself, but for all the wrong reasons. Zuckerberg and Co. have endured numerous, wide-ranging scandals this year, and last week found themselves combatting not one but two new controversies.

First, Facebook announced that a software bug had inadvertently affected the privacy settings for 14 million users. To explain what happened, we must first outline how Facebook privacy settings for posts should work.

When users configure their privacy settings, they authorize who can view their posts. If a user selects “friends,” for example, then their posts are not displayed to the general public — only users who are on their friends list can view the content. Once selected, this privacy setting becomes the default until a user manually updates it.

At least that’s how the feature is supposed to function. According to Facebook, the software bug automatically changed millions of users’ privacy settings to “public.” This means posts users thought were private were actually public.

While this privacy violation is a serious matter — and just the latest in a long series of related blunders — Facebook’s second PR nightmare is perhaps more damaging.

A devastating report by The Wall Street Journal found that Facebook allowed select companies to access restricted data, like the personal details of a user’s friends (see the Cambridge Analytica scandal), well after 2015. These findings directly contradict previous disclosures made by the tech giant, including some made as recently as March of this year.

Ime Archibong, vice president of product partnerships at Facebook, confirmed some companies were allowed to keep accessing this data for more than a year after Facebook put in place a more restrictive API. Archibong even mentioned a few of the developers that were granted such extensions by name, including Nissan and the Royal Bank of Canada.

DNA site exposes nearly 100 million users

MyHeritage, a family networking and genealogy website, recently announced a major data breach. According to the organization, 92 million users had their email addresses and hashed passwords compromised.

The breach occurred on October 26, 2017, but it wasn’t discovered until June 4, when a security officer notified the company’s chief information security officer. MyHeritage says that other sensitive data, including information about family trees and DNA records, were not included in the breach. That information, the company claims, is housed in a separate system that wasn’t compromised in the breach.

In addition to recommending all users change their passwords, MyHeritage announced they would hire an independent cybersecurity firm to evaluate the incident.

Finally, some good news to report

Luckily, last week wasn’t without some winners. And, even better, you’re one of them! On June 7, the Federal Trade Commission (FTC) announced that all Americans are entitled to free credit freezes and year-long fraud alerts. That’s right — credit freezes and year-long alerts will soon be free. The new changes, which are a result of the Economic Growth, Regulatory Relief, and Consumer Protection Act, take effect on September 21.

At that time, the three credit bureaus — Equifax, Experian, and TransUnion — must set up special web pages dedicated to fraud alert and credit freeze requests. Additionally, the credit reporting agencies must offer free credit monitoring to all active duty members of the military.

While this is certainly some (much-needed) good news, especially since Americans spent a combined $1.4 billion freezing their credit scores in 2017, it doesn’t address the underlying cause of issues that would lead to needing these services in the first place. Additionally, credit freezes and fraud alerts can only accomplish so much. To truly protect the privacy and identity of our loved ones, we must stay ever vigilant.

  
At InfoArmor, we believe everyone deserves the right to privacy, security, and above all else, peace of mind. This is why we’re proud to offer industry-leading solutions for employee identity protection and advanced threat intelligence. From enterprise to employee, InfoArmor redefines how organizations combat an ever-changing cyber threat landscape. If you’d like more information on how we can help your organization protect its most valuable assets, reach out. We’d love to hear from you.