What the Facebook Leak Means for Businesses

The Facebook leak didn’t just impact consumers. Businesses should take steps to ensure their systems are safe.

Facebook is often in the news, and it’s not always in a positive light. Politics, scandals, security problems and a slew of other news-making issues keep the social media giant in our faces, even when we’re not logged into the app. So it’s really not surprising that a breach occurred; they happen to every company. But apparently the handling of this leak was murky at best. Last week, a hacker posted the personal details of over 500 million Facebook users on a hacking forum. For free.

There are all sorts of articles out there about how users can check to see if they were impacted. The most commonly shared website is Have I Been Pwned, which has been updated to also search for exploitation of phone numbers. All users should check to see if their information is included on the list, even business users. Just remember, this data is actually from 2019, so make sure you check old email accounts as well.

Facebook’s handling of this situation in general is confusing. The company claims that the data is from an old breach that was reported on in 2019 and that the vulnerability related to that issue was fixed in August of that year. But Wired does a really good job of sorting through Facebook’s vague responses. They also shared a quote, which is quite poignant:

“At what point did Facebook say, ‘We had a bug in our system, and we added a fix, and therefore users might be affected’?” says former Federal Trade Commission chief technologist Ashkan Soltani. “I don’t remember ever seeing Facebook say that. And they’re kind of stuck now, because they apparently didn’t do any disclosure or notification.”

That statement alone should concern not only consumers, but businesses as well. To remain competitive, businesses, especially web-based businesses, need to have a presence on social media, which means businesses also need to take action. There are two steps businesses should take immediately to ensure security.

Step one: businesses should check the above website to see if their accounts were impacted. If they were, passwords and access controls need immediate review. Passwords should be changed even if a business finds it is not on that list, simply as a precaution.

Step two involves internal business practices. The next sentence is not going to make us any friends, but it’s important. Businesses should require employees to enable MFA, or to change all of their passwords for every internal system to which they have access. Yes, the data is “old” and yes, employees will grumble at having to change them, but it’s important. People recycle passwords on a regular basis and there is simply no way to ensure that they haven’t used a password for your business that they also use for personal accounts. 

Again, this is not a popular option, but it is the most effective way to ensure that your employees aren’t your weakest link. One way to help with this is to require employees to use a password manager that creates, remembers and auto-fills each password for each system. Your employee doesn’t have to remember what it is, they don’t even have to know what it is, which means the password won’t be recycled outside of your business.

Security is a major problem for every business right now. Facebook is a giant corporation and they will have to answer for this once everything is sorted out. Threat actors are everywhere and they continuously prove that the size of the business doesn’t matter, it’s their ability to get in and get information as quickly as possible. If you have weak security defenses, you’re an easy target. And it’s likely that you won’t be able to withstand the storm that follows a breach, something even large corporations take years to overcome.

Remember, no one expects you to know it all. Business owners and business leaders have department managers to help run the day-to-day, they are the internal experts. But when it comes to specific technological processes, complicated tasks that put your business at risk if not done properly, do yourself a favor and call an expert. Bring someone in who can get a fresh set of eyes on things and make sure your security is as tight as it can be.

About the Author

Pieter VanIperen, Managing Partner of PWV Consultants, leads a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as trusted technical partners for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. He is a 20-year software engineering veteran who founded or co-founded several companies. He acts as a trusted advisor and mentor to numerous early-stage startups, and has held the titles of software and software security executive, consultant and professor. His expert consulting and advisory work spans several industries in finance, media, medical tech, and defense contracting. He has also authored the highly influential precursor HAZL (jADE) programming language.
