Another day, another online security breach which puts too much of our business and personal information into the hands of crooks. Is it just me, or are you starting to question the responsibilities of service providers?
TK Maxx, Bank of America, Epsilon, Sony and a raft of other companies have all recently suffered severe data loss. The mighty Facebook is the latest culprit, where thousands of accounts may have accidentally been leaked because of a flaw in some applications.
“This episode teaches us all at least two main lessons,” said Catalin Cosoi, Head of the BitDefender Online Threats Lab. “Applications should have switched to the new authorisation mechanism as soon as possible and if any data was leaked, there’s not much to be done now, since it is lost for good.”
Well, that’s reassuring…
Facebook users should certainly pay extra attention in the following months to all the messages they receive and be very careful when they are asked to perform any action, even when the messages or requests appear to come from someone they know. As has already been advised, changing their password is a good way for Facebook users to invalidate their current access tokens.
So how did the whole Facebook issue come about? According to Cosoi, the entire issue is related to OAuth, the authorisation protocol, and to deprecated parameters still used by applications that have not yet moved from the old OAuth mechanism to its latest version, OAuth 2.0.
This means that third parties, such as advertisers, can get hold of access tokens, which give them access to Facebook users’ account information and sometimes the ability to perform actions in the user’s name.
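To make the leak concrete from the defender's side, here is an added example (not from the original post or from BitDefender) that flags URLs carrying an access token in their query string or fragment, the way a token can end up in a Referer header visible to third parties embedded in a page. The parameter names and the log lines are constructed assumptions; the post names neither.

```python
"""Added example: detect OAuth access tokens exposed in URLs seen by third parties."""
from urllib.parse import urlsplit, parse_qs

# Assumed token-bearing parameter names (constructed; the post does not name them).
TOKEN_PARAMS = {"access_token", "token", "oauth_token", "session_key"}


def token_leak_in_url(url):
    """Return the token-bearing parameter names found in the URL's query or fragment."""
    parts = urlsplit(url)
    found = []
    # Tokens can sit in the query (?access_token=...) or the fragment (#access_token=...).
    for component in (parts.query, parts.fragment):
        if not component:
            continue
        params = parse_qs(component, keep_blank_values=True)
        found.extend(name for name in params if name.lower() in TOKEN_PARAMS)
    return found


def scan_referer_log(lines):
    """Parse constructed 'client referer' log lines; return (client, referer, params) for each leak."""
    leaks = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        client, _, referer = line.partition(" ")
        params = token_leak_in_url(referer)
        if params:
            leaks.append((client, referer, params))
    return leaks


# Constructed sample log of requests to a third-party (e.g. advertiser) host, "client referer" per line.
SAMPLE_LOG = """\
10.0.0.5 https://apps.example.invalid/canvas/?access_token=AAAExampleToken123
10.0.0.6 https://apps.example.invalid/canvas/?page=2
10.0.0.7 https://apps.example.invalid/cb#access_token=AAAFragmentToken&expires_in=3600
"""

if __name__ == "__main__":
    for client, referer, params in scan_referer_log(SAMPLE_LOG.splitlines()):
        print(f"{client} exposed {params} via {referer}")
```

Run against a real referer log, the same check tells you whether tokens are reaching third parties at all, which is the condition under which rotating them (for example by a password change) actually matters.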
Security breaches like this are becoming just like a regular crime nowadays, and society as a whole has come to grips with it. But it makes you wonder how safe our business data is when we’re putting more and more of it into the hands of third-party providers.