Facebook's commitment to inter-connectivity has resulted in more channels of vulnerability.
As of yesterday, The Guardian reported that the true impact of the breach, which has affected 50 million Facebook accounts, is yet to be determined.
Facebook ‘tokens’ allow users to log into other apps, so that the user does not have to keep entering a password every time they want to log in.
Dana Simberkoff, chief risk, privacy, and information security officer for enterprise security firm AvePoint, told The Guardian that there is significant risk exposure in using apps to log into other apps.
While Facebook has taken steps to rectify the matter, if the hacker has used a Facebook account to compromise another app then they might still be on your system.
Impact in Australia
This is the first major breach since the rollout of the Notifiable Data Breach scheme and the General Data Protection Regulation.
A few days after the breach hit mainstream media, the Office of the Australian Information Commissioner (OAIC) issued a statement:
The OAIC is making inquiries with Facebook about the facts, including the number of Australians who may have been impacted by the incident. The OAIC is also in contact with the Australian Cyber Security Centre about the incident.
The breach comes just over a year after the last cybersecurity report published by the Australian Cyber Security Centre.
According to the 2017 report for the 2016 to 2017 period, the ACSC, along with CERT Australia, responded to 734 cyber incidents affecting the private sector that are of national interest and ‘critical infrastructure providers’.
The report highlighted that, out of six self-reported incident types, 56 per cent reported compromised systems.
The anticipated 2018 report will show whether the NDB scheme has impacted these numbers in any way.
At the time of the incident, Facebook's statement to the public intimated that the company was still in the early stages of its investigation and had yet to determine who was responsible for the attack.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” Guy Rosen, VP of Project Management at Facebook, said at the time the breach was discovered.