Facebook recently notified me of an attempt to log into my account from Iceland and advised me to reset my account if I had not made the attempt. As I live 1,130 miles away from Iceland and have never been there in my life, someone was obviously trying to hack into my Facebook account. But why? It’s only a Facebook account, not an American Express Platinum Card account or a Coutts bank account. Anyway, I reset the account straight away.
Ten minutes after resetting my account I had another message from Facebook informing me of another attempt on my account from Iceland. Again, I went through the process of resetting my account. Of course, at this point I started to try and make sense of these events. I started to think about Facebook’s security arrangements and whether they were robust enough. My thoughts also featured the risks I and other users are exposed to by virtue of our affinity for the social networking site.
As someone who works in the Risk Management industry, there are some risks I am willing to accept, but most I would rather mitigate. Without further ado, risk assessment mode kicked in and all my thoughts were now prefixed with different ‘what ifs.’
What if Facebook was under attack, how long would it be before this cyberspace fortress surrenders in defeat? What would then happen to the personal details of over 400 million users?
What if Facebook employees have sold my personal details, and those of other Facebook users, to trade rivals, criminals or other unscrupulous types? After all, there is precedent for this type of behaviour. A few days ago account details of iTunes customers were on sale for 10p each in China. In November 2009, a T-Mobile employee sold thousands of customers’ details to a rival firm. In August 2008, over a million American Express, Royal Bank of Scotland and NatWest Bank customer details were sold directly on eBay.
What if Facebook really has links with the CIA and Facebook founder and CEO, Mark Zuckerberg, is snooping on us all? After all, Mark has previously been accused of hacking into the systems and emails of Cameron and Tyler Winklevoss – the brothers he is alleged to have stolen the idea for Facebook from, and to whom he paid $65m in an out-of-court settlement.
I also then remembered a story I had previously read about Mark Zuckerberg and Facebook accounts. According to Silicon Alley Insider (SAI), “on at least one occasion in 2004, Mark used private login data taken from Facebook’s servers to break into Facebook members’ private email accounts and read their emails–at best, a gross misuse of private information.”
Ultimately, my risk assessment led me to conclude that I needed to take steps to mitigate the security risks posed, not only by the cyberspace terrorists, but also by Facebook staff, Mark Zuckerberg himself, as well as other Facebook users.
Please look out for my follow-up post “Mitigating My Facebook Risk Exposure” coming soon.