Facebook Will Not Provide Protection for Data Breach Victims
Recently, Facebook revealed that around 14 million of its users had their personal information stolen by hackers. The information hacked includes, but is not limited to, search history, location data, relationship status, and religious beliefs.
Upon investigating this incident, Facebook discovered that the hackers obtained access to accounts via access tokens. These access tokens were abused due to the interaction amongst three major bugs in Facebook’s system. Action was immediately taken after Facebook discovered suspicious activities, but the damage done was already immense.
Facebook claimed that it has no intentions of providing protection for the victims of this latest data breach, which is unlike what occured in other major data breach incidents. For instance, Target suffered a severe data breach in 2013 but responded by providing the victims with access to credit protection agencies and other methods to minimize the risk of identity theft.
A Facebook spokeswoman told the BBC that Facebook would not be taking such steps at this time, but has, instead, established a help page where victims can verify whether their personal account was hacked. The help page can also assist users in protecting themselves against the hack.
“The resources we are pointing people toward are based on the actual types of data accessed – including the steps they can take to help protect themselves from suspicious emails, text messages, or calls,” the spokeswoman said. The help page not only assists users in identifying whether they are victims of the security breach, but also informs users about the specific information that was accessed through their account, and offers recommendations on what to do next.
Facebook is still conducting a thorough investigation into the data breach. Because the discovered bugs have existed since July 2017, the company has not ruled out the possibility that individual attacks on the token system went undetected before September 2018.