No site, no matter how big or how wealthy, is immune from data breaches. Recently, software flaws were discovered at both Facebook and Google that put the personal information of tens of millions of people at risk.
The Largest Facebook Hack Ever
The Facebook hack, the largest in the company's history, was discovered in the middle of September 2018. Once found, it took Facebook 11 days to fix. Originally, Facebook said the data of 50 million users was stolen, but on October 12, the company issued an update.
The update contained good and bad news. The good news was that the hack affected fewer people than previously thought -- "only" 30 million users. The bad news is 14 million of those users had especially sensitive information stolen.
How did the data thieves pull off such a big hack? According to Facebook, the hackers took advantage of three software bugs to steal access tokens, which are what allow users to stay logged into Facebook. Ironically, one of the bugs was in a software tool meant to help Facebook users protect their privacy.
The hackers used the tokens to take over Facebook accounts. From there, they were able to move on the friends and friends of friends of the compromised accounts, grabbing access tokens along the way, until 30 million accounts were compromised.
Users' names and contact information were accessed in about half of the breached accounts. The other half had far more information taken from their profiles, including items such as gender, hometown, current location, relationship status, work, education, pages followed, 15 most recent searches, and last 10 places checked into.
Facebook said the FBI has asked them not to discuss who might have committed the attack.
Google Did Not Tell Its Users That Their Personal Info Was Exposed
A software bug was also behind Google's breach. As many as half a million Google+ users' names, ages, genders, and occupations were made vulnerable to hackers, although Google said there was no evidence that the information was actually accessed.
The bug was first publicly reported by the Wall Street Journal in October 2108, but Google had actually discovered the flaw back in the spring -- and it had affected Google+ users from 2015 to March 2018. The Journal said Google executives decided not to tell their users because they were afraid of government regulation. Google said the reasons they remained silent were because they couldn't identify which users were affected, didn't think the data had been misused, and didn't have any concrete plans to offer users anyway. Meanwhile, the company will be shutting down the Google+ social platform soon.
White Label Identity Protection Offers Relief to Your Customers
When people can't trust even the largest tech companies to protect their data, what can they do? This is where you can come in and help. The Enfortra suite of White Label Identity Protection tools provides an outstanding branding opportunity for financial institutions to offer reassuring and much-needed protection to customers and employees. You select which features to offer and, as the program's sponsor, reap loyalty and goodwill. By fulfilling a critical need for your customers that is not currently being met elsewhere, you create a powerful ongoing branding opportunity.