Three weeks ago, Facebook revealed a serious data breach that affected up to 50 million people. Now they have revised that number down to “only 30 million,” but the breach remains one of the most serious in history, not just because of its size but because of the far-reaching impact it will have.
In our story earlier this month, we highlighted that the major threat from the Facebook data breach is not simply access to users’ Facebook accounts but the “tokens” stolen by hackers, which enable them to access accounts on hundreds of other websites that a user has set up to log in to using their Facebook account. Many sites allow a user to bypass the normal username and password screen and simply log in based on the transferred trust of being already logged in to Facebook. The theft literally allows the hackers to access hundreds of other website accounts used by Facebook users who use this login method.
Facebook Security Flaws Threaten Thousands of Websites
The damage from the Facebook data breach reaches out like a network of tentacles that could touch hundreds of websites and affect its users for years to come. There is likely no way for future victims of identity theft and other forms of fraud to trace the cause of this future damage back to the Facebook data breach and seek restitution assistance. This is critical because, unlike in the European Union, where the new, potent General Data Protection Regulation (GDPR) punishes companies for having lax security and exposing consumer data, American courts have historically ruled that potential future harm does not constitute harm and does not entitle the victim to recover damages.
American users of Facebook lack the protections afforded to their European counterparts by the GDPR law that threatens significant financial penalties on companies that don’t protect user data. California recently signed a new law in June of this year which states that loss of personal data in and of itself causes harm and imposes damages of up to $750 per person. But before this law can take effect, American tech companies like Facebook are rushing to cut it off by supporting a federal privacy law that suits their tastes much more. One can only assume any proposed federal legislation backed by the tech companies would favor their interests rather than those of consumers.
Traditional Credit Monitoring Response is Inadequate
In the recent past, data breaches tended to be smaller, not measured in the tens of millions of victims, and many companies purchased credit file monitoring services for those affected. While this may have provided good public relations cover and made some people feel safer, credit file monitoring is virtually useless in preventing fraud because it only detects fraud after it occurs – sometimes months later.
This is in sharp contrast to MyProfyle which works proactively to stop fraud before it happens. Today, the data breaches are getting too large for companies to offer paid credit file monitoring, so it’s just as well that companies don’t offer something expensive that doesn’t work. They can offer MyProfyle and we recommend that they do so, but if they do not, that doesn’t mean that you shouldn’t take steps to protect yourself.
So What Should You Do?
At MyProfyle, we believe this threat is further proof that everyone’s information is at risk from many different sources and that we are all exposed multiple times per year. The solution to identity fraud is not to try to lock your identity or seek unobtainable privacy but to control your identity – not just your credit – by putting yourself in the position to know of, approve or decline activity conducted in your name. That’s MyProfyle Free For Life ™ Identity Protection.