The social network reports that it will not provide protection against identity fraud to victims of the recent attack that compromised their information
Last Friday Facebook revealed that highly confidential information of 14 million of its users had been stolen by hackers, including search histories, location data, sentimental status, religious affiliation and more. However, unlike other security incidents involving large companies, Facebook has stated that it has no plans to provide protection services for affected users.
For the digital forensics specialists of the International Institute of Cyber Security, this decision of the company is incomprehensible given the magnitude of data theft, as the type of the stolen information could help cybercriminals to create malicious campaigns based on social engineering.
Facebook protection measures
About users who have suffered consequences the most (about 14 million people), Facebook announced that stolen data included user name, gender, location/language, sentimental relationship, religion, hometown, current city of residency, date of birth, devices used to access Facebook, academic background, job, places visited, and followed pages.
Typically, companies affected by similar incidents, such as Target in 2013, provide information protection and monitoring services to reduce the risk of identity theft using the stolen information. Other hacked companies, such as Playstation Network or Equifax have implemented similar measures after being attacked.
A Facebook spokesman commented for several media that the company would not provide these services, at least not at this moment. Instead, users would be directed to the help section of the website.
“The protection measures we are providing to those affected are based on the actual types of data accessed, including the steps they can take to protect themselves from suspicious e-mails, text messages or calls”, said the spokesperson.
The news of the data theft were made public on October 5, when Facebook stated that it was probable that 50 million of users had been affected, although its digital forensics team subsequently reported that the real figure was about 30 million users.
“We haven’t ruled out the possibility of smaller-scale attacks, but we’re still investigating the situation”, wrote Facebook’s product manager, Guy Rosen, in a statement published through his blog.
The stolen data could be very valuable for hackers, considers Joseph Lorenzo Hall, an expert in digital forensics. “What is really troubling is the possibility that users’ accounts for other services, besides Facebook, can also be compromised”, the expert mentions. He also believes that Facebook should maybe offer free premium access to password management services and more similar software.
In Europe, Facebook faces a fine of up to $1.63 billion USD (4% of its global annual revenues) due to this incident, considered as the first major test for the General Data Protection Regulation (GDPR), in force in the European Community since last May.