Concerned about what Facebook’s doing with your data, or if it’s safe to let your kids use it? You’re not alone, prominent tech execs, including Apple’s Tim Cook have expressed similar concerns.
Here to help get to the bottom of the matter we asked top cyber security experts about the platform and if it’s safe to use. Here’s what we found out.
What is Facebook?
Facebook is a social networking service that was originally launched back in 2004, making it one of the oldest social media’s that’s still currently in use.
As of the second quarter of this year, Facebook has 2.89 billion users, with a heavier emphasis on those aged between 18 and 34. The app also only allows users over the age of 12 to join, though Facebook doesn’t currently do anything to verify its user’s ages.
What are the main risks?
“The major risks to Facebook users consist of data loss (please refer to the major data breach on April – 533 million users affected), users impersonation (and its consequences on real-life – using users’ shared or leaked data to compromise their social, public and work-life) and due to Facebook’s presence as a global market, the possibility of users falling prey to online scams is ever-increasing,” Yiannis Fragkoulopoulos, customer security director at Obrela Security Industries, told Trusted Reviews.
Back in April it came out that Facebook users’ phone numbers and personal data were posted in a low-level hacking forum. A spokesperson for the company claimed that the data has been scraped.
“The good thing is that FB is still much more secure than it was pre-Cambridge Analytica days,” Chole Matthews, threat intelligence analyst for F-Secure, told Trusted Reviews.
The Cambridge Analytica scandal occurred in 2016, when a whistle blower revealed the company had been harvesting Facebook users data without their direct consent using loopholes in the platform’s terms and conditions.
“There is still data out there that was scraped from Facebook that was collected by exploiting these former loopholes – this information includes username, passwords: Facebook account data was leaked belonging to over 500 million users including their user ID and phone number,” Matthews went on to say.
“This information was found for sale on the dark web and can be used by criminals to log into victims’ accounts or conduct other social engineering campaigns or distribute malware and spam.”
Do hackers target Facebook and if so do they have any specific attacks?
“While hackers certainly target Facebook and its users, Facebook usually quickly responds when vulnerabilities are discovered, patching the discovered security hole,” Chris Hauk, consumer privacy champion at Pixel Privacy, revealed to Trusted Reviews.
“Users must help protect themselves by staying alert for questionable communications from friends and other parties, all of which could be used to steal more information.”
It’s important that you don’t respond or engage with links that are sent over Facebook from people you don’t know.
“Hackers have targeted Facebook in the past, such as the “View As” bug that subsequently led to a data breach,” Paul Bischoff, privacy advocate at Comparitech told Trusted Reviews.
“But Facebook quickly patches any vulnerabilities it finds or is warned about, so probably no attacks that worked a week ago will work today. No matter how good Facebook’s cybersecurity is, it can’t protect users from themselves if they get tricked out of their password or click on a link that downloads malware or leads to a phishing site.”
Fragkoulopoulos also points out the possibility of being sent phishing and scam messages.
“Facebook is considered a prime target for hackers due to its large number of users, data and connected applications and platforms (e.g. Instagram, WhatsApp). Hackers tend to aim for users rather than the platform itself as they are the weakest link in the chain,” Fragkoulopoulos said.
Fragkoulopoulos said this is one of the most effective tactics used by hackers to target Facebook users.
“Some of the simplest but most effective attack techniques are exploiting weak passwords and phishing mails, and some of the more advanced ones are malware embedded in ads and SIM swapping attacks,” he said”
“As for the platform itself, the recent shutdowns affecting Facebook, Instagram and WhatsApp raised some eyebrows regarding a potential successful cyber attack even though Facebook pointed out that the outage was due to a failed technical configuration.”
Would you let your kids use it?
“My kids wouldn’t want to use Facebook! They are much more interested in YouTube and TikTok,” Matthews said.
“However, I would always advise them, as with any online platform where you are sharing data and personal information, you should think about setting up security settings, minimising information that you share and could be exploited, only connect with people you know of can verify and have a good password that isn’t reused for other services.”
It’s important that you don’t upload too much of your personal information on social media, as scammers can piece together a lot of your personal information and your routine from your Facebook account.
“On a basic level, parents should be educated and informed of technology risks, such as those associated with social media platforms,” Fragkoulopoulos shared.
“On a secondary level, they should be able to transfer the knowledge and awareness to their kids by supervising their online activity. So the answer is that it depends, you should think of it as ‘Would you let your kid alone and unsupervised during their first time at a playground?”
What data does Facebook collect?
“Facebook scandals have continued to dominate the headlines over the past couple of years, with incidents of frequent data mismanagement creating widespread criticisms over the failures of major organisations,” David Emm, principle security researcher at Kaspersky, told Trusted Reviews.
“In the modern world, information is power, and with the very nature of its business model, trading data will always be a central aspect of Facebooks plans.
“However, this must be done in a secure way and with people’s knowledge and consent. After all, whether it’s your interests, images or date of birth, social media apps collect a whole host of personal information – which can have disastrous consequences if it’s misused,” Emm claims.
Facebook is also capable of tracking you on sites that have Facebook integration, as Bischoff explains.
“Facebook can track you on any site that has a Facebook plugin or widget, such as a Share button or comments section,” Bischoff says.
“The Facebook apps can find your location. Biometric info might be stored to identify you in photos. Perhaps somewhat unique to Facebook is its vast knowledge of relationship networks. It knows who you know, who you communicate with, when, and how often.”
“Any information you enter in your profile, answering “quizzes,” the location of your photos, links you click, and much more are all collected by Facebook,” Hauk says, linking back to Bischoff’s warning.
“Any activity on Facebook (and their partnering sites and services), is collected and recorded by Facebook.”
What are the best ways for users to protect themselves?
“People need to remain vigilant when using Facebook and other social media sites,” Emm went on to say.
“We have all become accustomed to posting information about ourselves on the internet, but we need to control what we really want to make public and what we don’t.”
You can protect yourself online by limiting the amount of personal information you upload and make available to see by the people you know.
“Use ad and tracker blockers, and make sure your privacy protections on your mobile device are all turned on,” Hauk advises.
“iOS 15 offers multiple new ways to control app and website tracking on your iPhone.”
“Avoid clicking on links or answering “fun quizzes.” Two-Factor Authentication should be turned on for Facebook and other sites where it is available,” Hauk concluded.