CategoriesData BreachesSocial Media

Facebook Scrambles to Restrict Access to your Data

Facebook released a newsroom update today outlining their new plan to restrict data access going forward.

A Month of Scandals

It has been a turbulent month for the social media company. First, it was announced that Cambridge Analytica had performed a breach on Facebook. They did this by obtaining data from an app that tricked users into giving up personal information for “academic research”. This app harvested not only users’ data, but also the data of their friends. It has been said that over 80 million people were affected by this breach. This information was handed over to Cambridge Analytica, a British data mining firm, who used it to influence voter opinion on behalf of their political clients.

Additionally, Mark Zuckerburg recently said in a call to reporters that every user of Facebook can assume they have had their data scraped by third parties. All two billion of us.

In the wake of these scandals, there was a lot of public outcry, and Facebook’s stock prices were greatly lowered. Facebook is now scrambling to secure the privacy holes that have been left gaping for so long.

What Next?

In their newsroom update, Facebook’s Chief Technology Officer outlines the main changes they will be making over the next few months:

Soon, apps will no longer be allowed to access the same amount of data related to events, groups, pages, logins, and the Instagram API. Facebook will also restrict the ability to search phone numbers and email addresses. Doing that should help prevent malicious actors from searching and scraping public profiles based on information they already own.

If you have an Android device, Facebook would keep track of call and text history, such as the date and time of calls. They say the reason for doing this was to keep those closest to you at top of your contact list. The new plan for storing call history is to only “upload to our servers the information needed to offer this feature”.

You’ll soon have easier access to your apps, and a better understanding of the information you are sharing with these apps. Facebook stated, “People will also be able to remove apps that they no longer want. As part of this process we will also tell people if their information may have been improperly shared with Cambridge Analytica.”

To read the entire update at the Facebook Newsroom, please visit https://newsroom.fb.com/news/2018/04/restricting-data-access/

Photo Credit: Book Catalog

CategoriesData BreachesNewsSecurity

Panera Bread Ignored Data Breach Warning, Said it was a “Scam”

Panera Bread has suffered a major data breach, affecting potentially 7 million customers. The data is said to include names, email addresses, and credit card information. What’s worse – the data could have been crawled and indexed with simple automated tools.

This wasn’t news to those at the top at Panera Bread. Last summer, a security researcher told Panera Bread that their website was exposing this sensitive data. When Panera was made aware of the flaw, they dismissed it as a scam or sales pitch. After months of the flaw continuing to be exposed and unpatched, the security researcher decided to go public with evidence of the vulnerability.

“I am not exaggerating when I say you have a massive sensitive data exposure issue,” he said, “and I’d simply like you to be made aware of it so you can quickly resolve it.” -researcher Dylan Houlihan (in response to Panera Bread maintaining that he was giving a sales pitch).

Panera Bread is now downplaying the security of the breach, telling Fox News they have secured the breach and only ten thousand records were exposed. Krebs on Security is not buying it, especially considering Panera’s commercial division which serves countless catering companies which may run on the same software.

As of this writing, Panera has not made any statement on their website (it was recently taken down) nor on Twitter about the breach.

Photo Credit: Mike Mozart