Are you rethinking Facebook?

Facebook is currently the world’s most popular social media site, with
over 400 million users. Long plagued by accusations of security leaks
and lackluster privacy practices, the corporation is currently defending itself against
a barrage of new criticism. CEO Mark Zuckerberg gave an interview
earlier this year arguing that privacy is no longer a “social norm.”
Facebook privacy policies have been rapidly shifting to reflect this

The latest firestorm centers around a new feature called “instant
personalization,” a targeted advertising service that supplies
personal user data to advertising partners like Pandora and Microsoft
Docs. All Facebook accounts were included in this service when it was
rolled out, and opting out is a convoluted, multi-step process. In a
move that some users are calling deliberately deceptive, simply
clicking an “opt out” check box does not protect your user data from
being shared.

So far, the beta service is limited to three corporate partners — all
of whom have promised not to behave inappropriately with the shared
user data — but the feature is slated to be expanded over time. This
puts millions of user accounts and their personal information at the
mercy not just of Facebook, but of the ethics of every company who
becomes an instant personalization partner in the future.

Other unintentional security breaches are also making headlines. A Russian
hacker who calls himself “kirllos” recently claimed to possess the
logins and passwords to 1.5 million Facebook user accounts — and he
is putting them up for sale, cheap. Though no one has officially verified whether these user credentials are real or fake, kirllos has already sold off around 700,000 of them.

If true, this incident puts another crack into Facebook’s already-besieged reputation. An account compromise not only leaks a user’s private information, including photos, status updates, and private messages sent between users, but can also lead to increased phishing risk: imagine a trusted Facebook friend sending you a message with a malicious embedded link that, once clicked, directs you to a malware-laden site.

What does this mean for corporate users? Opening up your company to Facebook access could lead to increased phishing and malware threats, which could in turn cause data breaches and other more serious security incidents within your corporate network. Given the soaring popularity of Facebook as a casual communication tool, the usual acceptable-use recommendations, urging employees to use discretion and avoid discussing sensitive information via Facebook, are far from sufficient.

Social media can be a corporate asset. Facebook provides a high-profile tool for company exposure and branding, and the wide reach of such a social platform can facilitate business networking. But if you had known that the media giant would be
riddled with security holes, while at the same time deliberately taking on a cavalier attitude toward user privacy — would you have allowed your users access to Facebook?


About Chenxi Wang

Dr. Chenxi Wang is a Principal Analyst with Forrester Research. She serves on the security and risk team, covering topics such as cloud security, application security, and content security. Previously Chenxi was Chief Scientist with KSR Inc. (now part of Neohapsis). Prior to that Chenxi was an Associate Professor at Carnegie Mellon University.