Ask Floh: Why the Facebook breach is so spooky and how it could haunt us for years: Peerio
October 31, 2018

Worried about Facebook’s recent data breach?

Wondering how it could affect you?

To wrap up Cybersecurity Awareness Month, we’ve got a special Halloween spooktacular edition of Ask Floh.

In this episode, we learn why the latest Facebook breach is so spooky, how it could haunt us for years to come, and a couple of tips on what you can do to protect yourself.

In a business context, there is a strategy you can use to reduce your exposure to highly personalized phishing and business email compromise: implement an end-to-end encrypted channel for verifying all your financial requests. For example, if your “boss” sends you an urgent email telling you to pay an invoice immediately or else you’ll lose the account, having a secure workflow in place helps. End-to-end encrypted business chats, like Peerio, use Public Key Verification, which lets you confirm the identity of the person you’re communicating with. When your “boss” demands that you pay a bill immediately, you can ask your “boss” to use your secure workflow and make the request through Peerio. That way you can verify that the request is legitimate, because it has to come from an account whose key you have already confirmed.
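
As an added illustration of the verification workflow described above (example code written for this page, not Peerio’s own code or protocol), the following Go program models a pinned-key check: the recipient records the boss’s public key fingerprint once, after confirming it out of band, and from then on accepts a payment request only if it is signed by that pinned key. Ed25519 is used here as an assumed signature scheme; the account names, message fields and amounts are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// PaymentRequest is the message a manager sends through the secure channel
// (field names are constructed for this example).
type PaymentRequest struct {
	From    string // sender's account name as shown in the chat
	Payee   string
	Amount  string
	Invoice string
}

// Bytes serialises the fields in a fixed order so the signature covers
// exactly what the recipient reads; changing any field breaks the signature.
func (r PaymentRequest) Bytes() []byte {
	return []byte(r.From + "\n" + r.Payee + "\n" + r.Amount + "\n" + r.Invoice)
}

// Fingerprint is a short hash of a public key. Two colleagues compare it once
// in person or over a call, then pin it; later messages are checked against it.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// Sign produces a detached Ed25519 signature over the request.
func Sign(priv ed25519.PrivateKey, r PaymentRequest) []byte {
	return ed25519.Sign(priv, r.Bytes())
}

// VerifyRequest accepts a request only if (1) the presented key matches the
// fingerprint pinned for the claimed sender and (2) the signature verifies.
// A spoofed sender name or a key the recipient never verified fails step 1;
// a message altered after signing fails step 2.
func VerifyRequest(pinned map[string]string, pub ed25519.PublicKey, r PaymentRequest, sig []byte) bool {
	want, ok := pinned[r.From]
	if !ok || want != Fingerprint(pub) {
		return false
	}
	return ed25519.Verify(pub, r.Bytes(), sig)
}

// Demo runs the three cases a practitioner cares about and reports which
// requests were accepted: genuine, impostor (valid signature, wrong key),
// and tampered (right key, amount changed after signing).
func Demo() (genuine, impostor, tampered bool, err error) {
	bossPub, bossPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	attackerPub, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}

	// Pinned once after the fingerprint was compared out of band (constructed setup).
	pinned := map[string]string{"boss": Fingerprint(bossPub)}

	req := PaymentRequest{From: "boss", Payee: "Acme Supplies", Amount: "12400.00 CAD", Invoice: "INV-0042"}
	sig := Sign(bossPriv, req)
	genuine = VerifyRequest(pinned, bossPub, req, sig)

	// The impostor claims to be "boss" but can only sign with their own key.
	impostor = VerifyRequest(pinned, attackerPub, req, Sign(attackerPriv, req))

	// Same genuine signature, but the amount was edited afterwards.
	altered := req
	altered.Amount = "98400.00 CAD"
	tampered = VerifyRequest(pinned, bossPub, altered, sig)
	return
}

func main() {
	genuine, impostor, tampered, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine accepted: %v\nimpostor accepted: %v\ntampered accepted: %v\n", genuine, impostor, tampered)
}
```

The point of the fingerprint map is that the check is anchored to something the attacker cannot obtain from a breach or a spoofed email address: a key the two colleagues confirmed with each other directly. An urgent request that cannot be reproduced through that channel is the signal to stop and ask questions.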
Hello. Welcome to a very special spooktacular Halloween edition of Ask Floh, your show about cyber threats, digital hauntings, and other no good things on the internet.

So today I have a question that came to me from various different people both online and just in general life. And it is about the Facebook breach. And specifically people are wondering about, you know, this thing that is kind of spooky, but they’re not really sure:

“What is the impact on me as a random Facebook user? And how can I protect myself from whatever that potential impact might be?”

And that’s actually a really good question and explores a really interesting side of cybersecurity that’s very sort of sideways. So let’s talk about it.

The first thing is, okay, what was this breach? Basically, about 30 million accounts were compromised from Facebook. And the data that was taken is the kind of data that you would expect Facebook to have. Things like your personal information, locations that you’ve been, stuff you’ve searched for, who your friends are, that kind of stuff. On the face of it, it’s kind of like, well, this isn’t necessarily the most private information for most people. I mean, for some people, it well might be, but for some, it’s not.

What could hackers do with this? I’m not going to get into the deeply spooky geopolitical, nation state, spying stuff. That’s for other people to speculate about. I’m going to talk a little bit more about the mundane threats.

What can people do with this Facebook information? Let’s imagine the underground economy in which this kind of data might be sold. So there is an underground economy, and it has a ton of data: things like credit card numbers, social insurance numbers, passwords, so many passwords. And this is the kind of place where Facebook data could be sold, you know, in large batches, combined with other things, or whatever.

Once someone has that Facebook data, one of the things they could do with it, to start with something really simple, is come up with the answers to personal verification questions. So these are things like when your bank asks you: Who was your first grade math teacher? Or what was the first street you lived on? Or what is the name of your pet? These kinds of things, chances are, are on Facebook, and they might actually even be public, but they might also be private, and that’s where they might end up in a breach.

Now, when we get more complicated, we can get into the territory of phishing, or spear-phishing, which is more targeted phishing, or, you know, its various creepy siblings, business email compromise, and so on.

And we actually did an episode on business email compromise a little while ago. And we got some comments saying, hey, like you would only fall for this if you’re not very smart. And you know what, I think that is nonsense. I think these attacks are actually increasingly getting quite sophisticated. And I’ve seen some that actually like I am quite scared by. I’m like, wow, I don’t know if I would catch that and I work in security. And if you’ve got data, like Facebook data that’s really personal and really specific, it’s a lot easier to make these attacks even better, and to tailor them even more.

And, you know, that’s a whole underground economy. And there are people who really will make a lot of money using this kind of information and are also willing to buy it for a good price.

Now, what can you do? So one really easy thing that’s quick: if you have the option between personal verification questions and something else, like two-factor authentication, for example, which we’ll talk about some other time, do go for the two-factor authentication; don’t use personal verification questions.

The other thing is just, you know, be aware. Log in to your Facebook account and see if you’ve been breached; Facebook has been giving people notice if they have been. And then in general, be suspicious. If you get some kind of email or a Facebook message or something that’s a little bit vague, it’s a little bit like it sounds familiar, the person seems familiar, something about it is kind of legit but maybe not completely, and especially if they’re asking you for something, then maybe ask a couple of follow-up questions. Really verify that this is a legit situation, and be aware that there’s some data out there that might mean you’re at risk of some kind of breach. Just that extra step of vigilance, that extra step of asking questions and not being gaslit, can really, really save you a ton of hassle down the road, because any kind of identity theft, any kind of breach, is really a ton of hassle and a really unfortunate situation, and I really don’t want that to happen to you.

Alright, so I hope that was helpful and I will see you back here some other time. Happy Halloween.
