Phishing for trouble

“With great power comes great responsibility” and a generation raised on Spider-Man ~ the Facebook CEO, Mark Zuckerberg included ~ is certainly au fait with this oft-quoted piece of wisdom imparted by Ben Parker to his nephew Peter, who turns into the wall-climbing powerhouse. It would be underwhelmingly naïve to accuse Facebook of being irresponsible as it allowed hackers to play ducks and drakes with some 100 million accounts of trusting users.

Indeed, there is no guarantee that the remaining two billion users are safe given that the tech giant was oscitant as bugs in just one feature exposed its “user tokens” to attackers. Worse, it was willfully devious in not admitting to the breach till several days had elapsed in what was a rather ‘unsocial’ act by this social media company that boasts of employing the finest technology and engineering minds.

They were clearly asleep at the wheel as vulnerable systems provided a veritable right of way to assailants who helped themselves to the automated log-in credentials (“tokens”), which users ~ with ample encouragement from Facebook ~ used to access popular apps. Indeed Facebook engineers introduced this vulnerability when they enabled user access to services like the very popular Pinterest, Spotify, Airbnb, Tinder, Expedia, Yelp and even the New York Times, for that matter.

The flaw, present since July 2017, only got detected in mid-September 2018 courtesy heavy login activity in its ‘View As’ feature, designed as a preview but not a platform for posts, which got impregnated by a bug that permitted just that. The extent of the horrific consequences is yet to be discovered and can only be surmised because Facebook is hardly expected to tell all. The user will find cold comfort in the belief the stable door has been closed after the horse has bolted.

What makes matters worse is that Facebook is a repeat offender. In April this year it was forced to concede that data pertaining to some 87 million people was improperly shared with the political consultancy Cambridge Analytica, much more than the 50 million cited by the whistleblower Christopher Wylie. Zuckerberg’s admission and promise then was that “clearly we should have done more and we will be going forward”.

Not too many people were buying that argument, and that was clear from the biggest overnight drop in its market value, from $629.6 billion to $506.2 billion, following lower earnings and even slower growth in user-base. Even as Facebook promises to tighten security, it is important that users literally disqualify it from being the sign-on service that exposes them to the phishing threat that may not seem substantial considering the grand larcenies Facebook is used to.

Unfortunately, given the enormous scale of technology impact, the individual has ceased to matter. It is then for individuals to protect themselves even if the multinational does not care.