‘So you’re telling me Facebook didn’t treat private messages as private? Say it isn’t so’

Top infosec trends in the social media spotlight this week

With Christmas just around the corner, all Facebook wants is for you to think twice before deleting its app.

The social media platform was in hot water yet again this week, following a report from The New York Times that revealed Facebook was sharing your private information with the likes of Microsoft, Amazon, Spotify, and others.

But most of us weren’t really surprised – Facebook makes its money from our data, and the tech giant has never been known to offer the best, let alone most readable, terms and conditions.

Either way, if you didn’t know how terrible Facebook was on data privacy, then you probably do now, as this was only the latest incident in a year that’s seen Mark Zuckerberg locked in non-stop damage control.

As a result of the Cambridge Analytica scandal, among a few other security issues, the Attorney General in Washington DC, announced on Wednesday that it would be filing a lawsuit against Facebook.

Whether Facebook violated any law remains uncertain, but what is becoming clearer is that trust in the platform is continuing to plummet.

So will *you* delete?

And while Facebook was hogging all the spotlight, Twitter sneakily announced that it had suffered a data breach that had affected an unknown number of its users in November.

In a statement released on Monday, Twitter said that a security issue related to the support forms on the platform was discovered on November 15, and fixed the next day.

The bug, however, was exploited by unknown, possibly state-sponsored, actors to reveal the “country code of people’s phone numbers if they had one associated with their Twitter account.”

Twitter has notified affected users while it continues its investigation of the breach alongside law enforcement agencies.

Facebook, Twitter and another social media platforms have all been met by criticism for failing to disclose security bugs that have compromised the personal information of their users.

But, according to one British law firm, more and more people are coming forward when they witness data leaks or misuse in their workplace.

The rise in people blowing the whistle on undisclosed data breaches nearly tripled, the report said, partly due to the introduction of the EU’s General Data Protection Regulation (GDPR).

A total of 82 people have sent reports to the UK’s Information Commissioner’s Office in the three months to the end of August, close to treble the rate compared to the 31 reports received in the three months leading up to April.

And before you think about changing your password – which Twitter said is unnecessary even for those affected by the breach it disclosed this – make sure to take a look at the top 25 worst passwords of 2018, released by SplashData.

Nearly 10% of the world’s digital population uses at least one of these passwords, Splash said, with 3% using the weakest and most easily cracked login option: 123456.

Finally, for the more security aware, GCHQ has started releasing its Christmas brainteasers to keep your brain busy throughout the holidays. Enjoy!