Tenable expert says Facebook data leak was ‘preventable’

Renaud Deraison, co-founder and CTO, Tenable

An expert from Tenable has said data leaks such as the current Facebook example are avoidable with a better approach to cybersecurity.

The leak was disclosed in a report from the UpGuard Cyber Risk team, which claims that datasets from third-party-developed Facebook apps have been found exposed to the Internet.

The report says this has resulted in the leak of over 540 million records on Amazon servers, detailing comments, likes, reactions, account names and FB IDs.

Renaud Deraison, co-founder and CTO, Tenable, said: “Seems like every other week a security issue is discovered in the Facebook ecosystem.

“Facebook is giving third-party app developers access to user data. That means the company’s massive trove of data is in the hands of potentially thousands of third parties all over the world.

“App developers are focused mainly on bringing new offerings to market quickly – it’s what consumers have come to expect. It looks like Facebook doesn’t have enforced guidelines when it comes to how its partners handle cybersecurity.

“As long as cybersecurity remains an afterthought in the digital economy, we’ll continue to see these kinds of easily preventable data leaks.”

A spokesperson for Facebook said: “Facebook’s policies prohibit storing Facebook information in a public database.

“Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”

Naaman Hart, Cloud Services Security Architect at Digital Guardian, also commented: “Individuals need to be aware that once you provide your information to a company like Facebook, they will regularly sell this data onwards. This is the price paid for access to a free service but you should acknowledge that this is indeed the price you pay. While Facebook itself has not compromised this data, it has allowed it to be freely obtained by companies with lax security measures. In this sense, it has not aided its customers in protecting their data, rather they’ve done the opposite.

“In the age of GDPR, companies must realise that when they collect data, they are responsible for it regardless of whether they share it onwards or keep it themselves.”
