Why the Facebook and Cambridge Analytica scandal isn't a "hack" or "breach" at all.
Over the weekend, news broke that 50 million Facebook users had their information illegally harvested by Cambridge Analytica, a firm that uses data analytics to form psychographic profiles of users for the targeting of political ads. This plops the world’s largest social network in the middle of an international scandal that influenced major events such as the 2016 presidential election and the UK’s Brexit referendum campaign. Facebook faced fierce social criticism and lost around $50 billion in market cap this week. Many users have responded by completely deleting their accounts, and the Twitter hashtag #deletefacebook has been circulating after high-profile leaders in the technology industry began using it, such as Brian Acton, co-founder of WhatsApp, which was purchased by Facebook in 2014 for $16 billion.
It’s no secret to Facebook that Cambridge Analytica has held this massive data trove. For 2 years beginning in 2013 the company had been harvesting profile data from millions of users. How is this possible? Well, thanks to a loophole in Facebook’s API, Cambridge Analytica was able to collect data as a third-party developer, not only from individuals using their app, but also from all of the friends in each user’s Facebook network. The stipulation was that Cambridge wouldn’t use this data to market or sell anything, a rule that was quickly violated. So, while many people are quick to label this event as a “hack” or “data breach”, a spokesperson from Facebook reiterated that this is not the case: “No systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.” The fact is, the information that was harvested wasn’t private to begin with. Facebook has for a long time opened up its data trove to third-party developers with the vision of integrating Facebook identities with other apps and services. It wasn’t until 2015, long after Cambridge had amassed its huge database, that Facebook updated its API to block this third-party access. At Facebook’s request, Cambridge agreed to delete any information that was acquired illegitimately, and presented them with a written statement that this data had been deleted. But Facebook failed to verify this claim in 2015, and for many years afterwards Cambridge retained and used that data.
For this reason, Facebook has been under relentless scrutiny and is now poised to testify before the US Congress. CEO Mark Zuckerberg recently broke his silence since the news surfaced, offering apologies, solutions, and even sharing some ideologies. “We’ve let the community down and I feel really bad and I’m sorry about that,” said Zuckerberg. “There was this values tension playing out between the value of data portability — being able to take your data and some social data, the ability to create new experiences — on one hand, and privacy on the other hand,” he went on to explain. “I was maybe too idealistic on the side of data portability, that it would create more good experiences — and it created some — but I think what the clear feedback from our community was that people value privacy a lot more.”
As Zuck prepares to likely testify before Congress, something he has done many times before, his company has been developing plans to make sure that this type of activity never happens again. This includes auditing third-party developers that have worked with Facebook, to check for any data that’s been improperly acquired. That would include an investment of millions of dollars, months of time and as many auditors as they can possibly find. While it’s no easy task, it may be necessary to regain the public’s trust and halt the spread of #deletefacebook.
How hackers infiltrate the network of a global corporation like American Express
Are you an Amex cardholder? American Express has recently alerted all of their customers to hacking activity that compromised personal and credit card information of some customers. Orbitz, a third-party vendor of American Express, was the victim of a cyberattack involving the exfiltration of data that included full names, payment card data, and email addresses: basically any information that you would typically enter to book a flight or plan a vacation. They state that transactions made on the Orbitz platform between January 1, 2016 and December 22, 2017 have been affected. If you are an American Express customer or made a transaction on Orbitz within that timeframe and have not been contacted by American Express yet, visit their website for directions on how to contact a representative.
We’ve seen hackers use many familiar tactics to target large, global corporations. In fact, they begin by targeting peripheral companies, like vendors, partners, suppliers or resellers. These organizations are called "staging" targets. The idea is that these smaller companies have less secure networks than larger corporations, which is indeed true, but also have trusted access to the bigger, “intended” target’s network. Therefore, hackers begin by infiltrating the staging target’s network, in this case Orbitz, which then helps them gain access to the intended target’s network. The moral of the story is this: no matter how big or small an organization, hackers are continuously finding new ways to infiltrate networks, and we can expect these tactics to continue to evolve. Not sure if you're protected? Contact us immediately.
QuickBooks 2015 is set to be discontinued on June 1.
Do you use QuickBooks at your organization? If so, check what version you are running. QuickBooks 2015 is set to be discontinued on June 1st, which means there will no longer be any live support offered, and all add-on services will be discontinued. If you use QuickBooks for payroll, banking or credit processing, or use any other Intuit online services, you will want to make sure that you are running QuickBooks 2016 or later. For complete information about this discontinuation policy and for instructions on upgrading your QuickBooks software, visit the Intuit support page.
Tom X. McShane
317 251 7920