UAT Professor Aaron Jones: Protecting against data breaches
Guest blog: Written by Professor Aaron Jones, University of Advancing Technology
Facebook, having experienced a leak of user data before, has found that data in the news once more. The data is broken down into chunks by country and contains users’ mobile number, user ID, first name, last name, gender, residence, birthplace, relationship status, workplace, joined date, email, and birth date. Not all of this data is available for every user; some users have not entered their relationship status, for example. The file is delimited by the : symbol, which is also used for the date, and therefore it would appear that the person who leaked the data is not very familiar with how to store large data sets.
Facebook as a company has some level of legal obligation to protect user data, but one of the big issues with digital data security is that, once the data has been released, it cannot be redacted. Information will live on forever as long as someone is willing to pay for the storage needed to keep that data available. Facebook is not omnipotent, and its ability to protect user data is limited to its own servers and really goes no further.
The information was most recently published to a site called RaidForums, and users quickly identified that the majority of the data was old and not of much interest. However, the media quickly picked up on this reposting of the leak, and RaidForums pulled the plug on their site as massive amounts of traffic began to roll in. Google cache, however, revealed who had made the post and what public discussions were being had.
Facebook will see this data crop up again and again over time and this leak will probably never go away. However, it will always serve some good as a testament to how not to handle a breach and as a warning to users that whatever data they may share could come out publicly time and time again.
Individuals who suspect or discover their data has been breached should continue to follow best practices, including not providing additional information to callers who ask for things like a social security number or to confirm a date of birth. They should also closely monitor their credit report and be suspicious of unsolicited emails, phone calls, or other forms of communication.
Remember that no government or law enforcement official will call you to threaten you, confirm warrants, or demand personal information from you.
ABOUT THE AUTHOR
Professor Aaron Jones is the lead cyber instructor at the University of Advancing Technology, a recognized leader in innovation and technology education, among a select few 100% STEM-based universities in the nation. In addition to being a highly skilled software developer who currently creates applications for law enforcement, he is also an AZ POST certified general instructor as well as a public speaker. He earned a B.Sc. in Computer Information Systems from Park University in 2013 and an M.A. in Intelligence Analysis with a focus in Cyber Security from the American Military University in 2014. He has been the recipient of recognition from the El Paso Police Department, State Of Texas, Texas Military Forces, Chandler Police Department, and others.
Jones is also active in the community as the founder of the Phoenix Linux Users Group Cyber Security Meetup and regularly teaches members of the public a myriad of topics related to Cyber Security. His audience includes students, teachers, law enforcement, military, government officials, and concerned members of the public with a strong desire to learn what is going on in the world of technology.