Facebook data breach: Security experts call for reforms

24 Jun 2013

Security experts are calling for tighter controls on social networking sites following the discovery of a security flaw that has left the account information of millions of users vulnerable to harvesting.

Packet Storm, the security firm that reported the vulnerability and worked with Facebook to address the data disclosure flaw, said that legislators must craft stricter laws on how social networking firms can manage data and how users can manage their information.

The company said: “There comes a time when a line in the sand must be drawn. We need clearly defined legislation that dictates when that line is crossed and what the repercussions should be. We need to clearly document what is considered sensitive information tied to a personal identity versus what should be considered public domain.”

The issue, disclosed by Facebook last week, is with the site's Download Your Information feature. The flaw improperly stores contact information on friends, allowing users to spot the email addresses and phone numbers of contacts who may not have otherwise been visible.

Mike Gross, director of professional services for security firm 41st Parameter, said that while the data may only be available to friends, an attacker could exploit the feature to target the friends and family of a compromised user.

“This makes phishers' jobs much easier, as they now potentially have access to an email address, as well as the individual's closest connections/relationships,” Gross explained.

"So rather than getting a phishing e-mail with a link from Facebook or another site, a fraudster could make the phishing e-mail look as though it is originating from your close friend with a link that looks legitimate but sends the user to a site that downloads malware to their device."

Packet Storm noted that while Facebook has worked quickly to address this incident, the real danger lies in the way that social networking sites are allowed to manage user data. The company believes that government intervention may be needed to set a standard for how sites can manage and revoke access to user data.

“Facebook reacted to the incident in a responsible manner in order to fix the leak. What is not fixed, is their policy,” the company said.

“They will continue to maintain dossiers with your personal information without giving you any control over it. They simply claim it is not your data, it is your friend's.”

Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.
