Hey Facebook, is it really just about the passwords?
Like millions of others, I received the request from Facebook yesterday to reset my password in response to the report of a major hack. The prompt was a bit different than expected of a password change. Facebook took me through friends I recently added, posts I had made and things I had recently liked. Private interactions I had had with friends and had not made public. This got me thinking. Please feel free to clarify if I do not have all the facts straight so quickly after the breach but…
A data breach like no other?
There are multiple fears I have with this specific attack that I am hoping someone can address for me.
- Access to other social media accounts: When I was told to change my password, there was a specific prompt to change it to something that had never been used before. So if you have linked your account to Facebook then the breach potentially exposed your other passwords and logins which were connected. The fear of having your accounts hacked is a familiar one. To be honest I have clicked ‘Login using your Facebook profile’ too many times. It is hard to tell what has been connected to Facebook to login. How do we find out what accounts are connected and what passwords to change?
- Access to my bank account. So next step. Since I run a small business and have tried out Facebook ads 1 time, I have a bank account linked to my account. I removed it following these complicated steps. I guess I will keep an eye on any unusual charges to my account that was linked just in case? Should I cancel the card? We have all been down this road before with a breach and it doesn’t seem to phase us too much anymore.
- Access to all my contacts. Somehow over the years, the contacts in my phone are synced to Facebook, I can’t even remember when that happened. It is really convenient at times and I haven’t thought too much about it. Could this be used somehow? I get dozens of phishing phone calls a week, now I get the ‘scam likely’ alert but is there anyway to use those phone numbers or the images to create a stronger phishing scheme I can’t easily identify?
Now here is the big question
4. Access to my personality?. …I have seen this option to ‘Download Archive’. It gives me the option to download every piece of data Facebook has on me to store on my computer. That is a lot of information. I have basically programmed my personality over the course of 11 years into a database. All the music I like, my political, social, and religious beliefs. Books I have read. Places I have been and when I have been there. People I love. Major life milestones. Did someone just have the ability to download it? What could they do with it? I’m really freaked out about this one. Who orchestrated this attack? Like I brought up in the previous example, couldn’t a malicious, highly skilled attack be able to produce phishing scams so intimate we would not be able to ask simple questions like ‘When did you first meet me?’ or ‘What street did I live on when I was a kid?’. They would know right? Did 90 million of us just have Facebook tell a hostile stranger all of our secrets? What can they do with this information today? Since they potentially have it for good, what can they do with this information if they sit on it for 10 years? I’m thinking I might get a phone call from my sister on video that looks and feels so real I can’t tell the difference. Could they do this anyway and the fact that they potentially have all my personal likes, dislikes, adventures, interests, fears, and loves doesn’t matter? As you can tell the potential implications are freaking me out. Hey Facebook, can you assure me that even though someone with some mad hacking skills had access to my account that they did not download my archive?
What next?
So as I sit on the couch writing this, I am tempted to shrug my shoulders and say ‘if it happens it happens’. Is this the time when we should actually stop being immune to all the data breaches and jump up and say enough? Aren’t there ways I can protect conversations and make sure the people I am interacting with are who they say they are? Do I educate myself on cryptography and share it with close family and friends just in case? Ok lots of questions but you get the point of where my thinking is going.
Sometimes we need to step back and ask, ‘what are some problems with rapid changes in science and technology?’ With this current breach, I think we have found an answer. This breach highlights how absurd it is that we as consumers are not in control of our own personal data. We have put trust in companies to protect our privacy but now we are in a time where this just isn’t about bank accounts, this is about everything we hold dear being programmed into social media. What this leaves us vulnerable to is hard to imagine. There is no way to insure against that, no social media version of a credit monitoring system they can enroll us in to compensate. Is there an alternative? Yes. Do we need to just continue to give our data away to big companies in exchange for social interaction and entertainment? No.
Now is the time for a massive change in products that allow us to control our data and make choices about how we share it with others. You may roll your eyes at the term ‘blockchain’ since it has been associated with the boom and fall of Cryptocurrencies. But the term is bigger than that and Blockchain is not just associated with finance. Blockchain is based on the concept of building a self sovereign identity where you control your data and are not dependent on an institution to establish trust. The technologies being developed using blockchain may hold the answer to what we do about the latest breach. In the meantime, I could log off but the damage is already done. We are part of a huge social experiment where the consequences are unknown. Anyone want to teach me how to get a public key fingerprint?
