Facebook Exposed (By Humans) to Vicious Strain of Malware

Viruses are the biological weapons of the internet: once someone gets infected, it's only a matter of time before the contagion starts to spread. Even a social media giant like Facebook isn't immune to the kinds of digital "superbugs" that cause data security breaches.

You would think that corporate titans – with their advanced defenses – would be most immune to the effects of malware, but the reality is that the bigger the service provider, the more vulnerable it can be to hackers and cybercriminals. Recently, we saw Twitter get hit with a massive hack that targeted the data of a quarter-million people. Now, Facebook has been victimized by a vicious strain of software.

Last Friday, Facebook security posted a statement on its blog detailing what it called a "sophisticated attack" on its system that occurred in January.

"This attack occurred when a handful of employees visited a mobile developer website that was compromised," the post said. "The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops."

The key phrase here is "handful of employees," which reminds us that the solution to the problem isn't only technological, but human in scope.

Disturbingly, all of this happened even though the users accessing this website had complete anti-virus protection. The malware was so advanced, it was able to hijack the Java protocols normally set to fight against situations like this. I'm curious to know whether or not the malware would have been avoided had the handful of employees been trained on sophisticated social engineering and spear-phishing schemes.

Facebook has stressed that no user data appears to have been compromised, and that the malware responsible was treated as of this month. While this is good news, it doesn't hide the fact that this could happen to anyone, regardless of what you think your level of immunity is. In the meantime, Facebook's troubles are a reminder that hackers can play tug of war with your online reputation at anytime, and you might not know who won until it's too late.

Social media exposure is always there, hovering just out of sight. To protect yourself, consult a data security expert to ensure your people are as updated on scams as your anti-virus protection is. Otherwise, you might wake up one morning with your information available to others – a common symptom of those affected by a data breach.

John Sileo is a data security expert and keynote speaker on social media privacy and risk management. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.

Posted by Identity Theft Speaker John Sileo in Cyber Data Security, Online Privacy and tagged data security breaches, data security consultant, social media exposure.