Worries linger as Facebook withholds stolen searches & checkins – TechCrunch


Hacked Facebook users still don’t know which 15 recent searches and 10 latest checkins were exposed in the company’s massive breach it detailed last week. The company merely noted that those were amongst the data sets stolen by the attackers. That creates uncertainty about how sensitive or embarrassing the scraped data is, and whether it could possibly be used to blackmail and stalk them.

Much of the scraped data from the 14 million most-impacted users out of 30 million total people hit by the breach was biographical and therefore relatively static, such as their birth date, religion or hometown. While still problematic because it could be used for unconsented ad targeting, scams, hacking attempts or social engineering attacks, at least users likely know what was illicitly grabbed.

Thankfully, some of the most sensitive data fields, such as sexual orientation, were not accessed, Facebook confirms to me. But the exposure of recent searches and checkins could threaten users in different ways.

Given the attack was so broad and impacted a wide variety of users, unlike say a targeted attack on the Democratic National Convention, there’s no evidence that blackmailing or stalking individual users was the purpose of the hack. For the average user hit by the breach, the likelihood of this kind of follow-up attack may be low.

But given that public figures, including Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg, were victims of the attack, as well as many reporters (myself included), there remains a risk that the perpetrators paw through the data seeking high-profile people to exploit.

Stolen data on “the 15 most recent searches you’ve entered into the Facebook search bar” could contain embarrassing or controversial topics, competitive business research or potential infidelity. Many users might be mortified if their searches for racy content, niche political viewpoints or their ex-lovers were published in association with their real name. Hackers could potentially target victims with blackmail scams threatening to reveal this info to the world, especially since the hack included user contact info, including phone numbers and email addresses.

Scraped checkins could power real-world stalking or attacks. Users’ exact GPS coordinates were not accessible to the hackers, but they did grab 14 million people’s “10 most recent locations you’ve checked in to or been tagged in. These locations are determined by the places named in the posts, such as a landmark or restaurant, not location data from a device,” Facebook writes. If users checked in to nearby coffee shops, their place of work or even their home if they’ve given it a cheeky name as some urban millennials do, their history of visiting those locations is now in dangerous hands.

If users at least knew what searches or checkins of theirs were stolen, they could choose if or how they should modify their behavior or better protect themselves. That’s why amongst Facebook’s warnings to users about whether they were hacked and what types of data were accessed, it should also consider giving those users the option to see the specific searches or checkins that were snatched.

When asked by TechCrunch, a Facebook spokesperson declined to comment on its plans here. It is understandable that the company might be concerned that disclosing the particular searches and checkins could unnecessarily increase fear and doubt. But if it’s just trying to limit the backlash, it forfeited that right when it prioritized growth and speed over security.

As Facebook tries to recover from the breach and regain the trust of its audience of 2.2 billion, it should err on the side of transparency. If hackers know this information, shouldn’t the hacked users too?


Like it? Share with your friends!

873
22165 shares, 873 points

What's Your Reaction?

Fake Fake
0
Fake
Epic Epic
0
Epic
Dislike
0
Dislike
Like Like
0
Like

Comments 0

Your email address will not be published. Required fields are marked *

Worries linger as Facebook withholds stolen searches & checkins – TechCrunch

MainStreet Econ

Join the MSE Community

reset password

Back to
MainStreet Econ
Choose A Format
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Open List
Open List
Ranked List
Ranked List
Video
Youtube, Vimeo or Vine Embeds
Image
Photo or GIF
Gif
GIF format

Send this to a friend