Facebook Security Breach

Facebook Security Breach

Introduction

Facebook is widely used throughout the world. It serves 2.37 billion active users. People use Facebook for different uses. Some business other personal accounts. About 60 million are business accounts. Regardless of whether the account is business or private, user privacy is essential. Unfortunately, Facebook has had a history of a security breach and unlawful access to user information. One major occurrence is the security breach that occurs in July 2017 but wasn’t realized until September 2018.  However, this breach could have been prevented, as will be explained in this paper.

The major security breach

On September 25, Facebook discovered a foreseen security breach that affected about 50 million accounts. The vulnerability was introduced in the site in July 2017, but Facebook did not realize until it was too late. A spike in unusual activity is what led to the discovery of the attack. This vulnerability enabled hackers to take over user accounts. The attackers used bugs, which allowed the attacker to see all contents in a victim’s profile. However, FB did not confirm if the attacker could access the private message or if some data was misused. According to the Vice president of product management, Guy Rosen, Facebook unconsciously introduced three vulnerabilities in its video uploader. The feature, view as allowed one to view your profile as a second party. When the video uploader appeared, it generated access token using the person who the profile page is viewed as. When the tokem=n is obtained, then the attacker can log into someone’s else account as a second person.this forced Facebook to automatically log out about 90 million user accounts to correct the vulnerability. Unfortunately, Facebook hasn’t found the attacker yet. It is still working with the FBI to identify the attacker, but guy Rosen states that it is likely that they may never find out.

Classifying the security breach

According to chapter 11 of the coursebook. Computer crime involves a computer as the object of a crime or the tool used to omit the crime. Here, the attacker targets specific networks, while computer fraud is when the computer is the instrument in committing the offence. The vulnerability was, therefore, a computer crime in the category of pure computer crimes. This is because a computer was the primary object of the crime and targeted a specific network which is Facebook. The coursebook also explains that there are three types of computer crimes, and one of them is compromising valuable information. This includes illegal access to or misuse of the information in an AIS. The hackers illegally accessed information from the user accounts by taking full control of the accounts.

Legislation for this crime

This type of crime is registered under the federal legislation. The criminal law Improvement Act in 1987 is an act that focuses on criminal activities involving computers. The act addresses the unauthorized use of computers and networks. The federal laws also address the intent to illegally obtain information through the use of computers. The attackers illegally accessed the users’ accounts and obtained information illegally.

Recommendations

Facebook had a lot of options to prevent the security breach. These include the protection of passwords, user awareness, and the use of firewalls. The featured view generates an access token that allows a user to remain logged in their Facebook account on a device without signing in every moment. Therefore, Facebook should remind the users to always log out of their Facebook once they were not using the accounts. This locks out the hacker, and they cant impersonate their accounts. Also, the protection of passwords is essential. Facebook should ensure that the users have to first be verified before using the accounts. The hackers used bugs to hack into people’s accounts. By the use of a strong firewall, the users could have protected their accounts from being accessed illegally.