Another blunder of the data breach and guess what? Facebook and Twitter users have been impacted big time. Aren’t we more careful after all these data scandals or the companies aren’t taking these continuous breaches seriously?
Yesterday Facebook and Twitter announced that hundreds of users’ personal data may have been improperly accessed after they used their accounts to log in to certain third-party apps. The certain apps they are talking about include Giant Square and Photofy. The improperly accessed data included usernames, email addresses, and most recent tweets (of Twitter users) while accessing these certain apps via Facebook or Twitter logins.
As the initial step, both of the bad behavior apps have already been taken down from the Google Play Store so that it doesn’t affect more users.
Facebook and Twitter say that the users’ data had been accessed after they used their accounts to log in certain apps downloaded from Google Play Store. Does that mean Google Play Store isn’t secure anymore? Or do I need to add more security layers from my end to be more careful? Because it looks like somebody isn’t doing much about my data’s security, resulting in the other party gaining access to all my data.
Twitter says that the company has warned Google as well as Apple about this fragility so that at least they can secure their users’ data. Because there hasn’t been any news of Apple users’ data being improperly accessed.
Statements From Spokespersons:
Twitter in a blog post – “While we have no evidence to suggest that this was used to take control of a Twitter account, it is possible that a person could do so,”
A Twitter spokeswoman, Lindsay McCallum (Senior Communications Manager) said, “We think it’s important for people to be aware that this exists out there and that they review the apps that they use to connect to their accounts,”
A Facebook spokesperson sent the following statement concerning this breach:
“Security researchers recently notified us about two bad actors, One Audience and MobiBurn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and MobiBurn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email, and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”
In return to this statement from Facebook, MobiBurn addressed this vulnerability, saying it does not collect, share or monetize data from Facebook.
MobiBurn also said that “The entity states that it only facilitates the process by introducing mobile application developers to the data monetization companies,”
“This notwithstanding, MobiBurn stopped all its activities until our investigation on third parties is finalized.”
Who’s Getting Affected By This?
It looks like one party is blaming another one for hiding its loopholes (if any) and in the end, who is getting affected? USER, whose data might have been accessed by some stranger and there are high chances that it can be used for some illegal activities. Though there hasn’t been any news of the same, however, that doesn’t mean that there is no probability.
Companies alert us to download apps from the dedicated App stores, yet there are data breaches. Now, who should be blamed? Shockingly this didn’t happen with Apple users (till now) so should we think that this isn’t Facebook or Twitter’s fault altogether? Maybe the mobile operating system played a big role here. Who knows?
You name any data breach or data scandal in the past years, and Facebook will be mentioned there. Why Facebook come into every picture with users’ data breach incidences? From last year’s Cambridge Analytica scandal to this current one, Facebook hasn’t been able to gain the trust of its users. Yet, we are continuously using this platform as nothing happened. Facebook has been the center of these scandals where one or the other breach is taking place and the company hasn’t been able to recover from the damage.
If you all remember the Russian interference in the 2016 United States elections when along with other social media platforms, Facebook was also accused of influencing people for the 2016 United States of America elections. The statement given by Facebook CEO Mark Zuckerberg was, “I think the idea that fake news on Facebook influenced the election in any way, I think is a pretty crazy idea”. And it caught fire when Facebook made headlines for controversially deciding not to fact check political ads.
One after the other incident made Facebook stand in the red zone of a security breach of users’ data and it continues.
Again the same question, aren’t we being more careful after all these incidents? Are we waiting for these scandals to happen with every one of us?
Are we not following the company’s guidelines to download stuff from secured platforms because here we did download from Play Store, which apparently is the most secure platform to download apps for Android users? Then what happened? Are companies at fault here? Are there any loopholes companies have no idea about? Or they have become used to these incidents and taking these situations leniently?
Although Twitter has connected this breach with Android’s shortcomings, it’s still foggy how the bad actors stole users’ private data. Authentication APIs by these giants mustn’t directly share information with third-parties in the first place. Instead of taking the responsibility, Facebook says the breach impacted users who granted a few apps permissions before reading what they were giving up. Is that correct? Did this happen actually that the impacted users didn’t thoroughly read what permissions they were giving to those apps? Do you also think that the users should be blamed for this breach?
If Yes, Then The Plan Of Action For Users
Apart from downloading from the secure platform, the user will need to follow one more step (if not following still).
Users need to go through every single line while exploring any app and check what permission you are giving up to them.
Because companies are like, these breaches might be happening. You need to be more careful, always. Does that make sense? Because as it is to my knowledge, it doesn’t.
Shouldn’t we download apps from Google Play Store anymore? If not, then from where? Shouldn’t we use the login credentials of Facebook and Twitter while browsing other apps?
If you think that any user should be following any other measures apart from the once listed above, please do mention in the comments so that it can reach out to as many users as it can be.