A Hacker’s Dream

Social media sites have a responsibility to protect data on their network.

popularity

There has been a lot of discussion about social media sites and security lately. To be fair, much of the problem lies with the users. But at the same time, these sites have some fiduciary responsibility to protect data on their network.

What differentiates this recent spate of attacks is that they were deliberate, top-shelf black hat stuff. Most social media hacks are much less sophisticated and are “hacks of opportunity.”

Just recently there was a study on how too much information on Facebook becomes a hackers’ dream. The study really just confirmed what we already knew – the more your data is out there, the greater chance that you will be hacked. That seems obvious enough, but the majority of social media users still haven’t taken heed. The more data that is out there, the more opportunity is out there.

Now that the obvious has been presented, to get the discussion started, let’s drill down a bit.

In my last blog I talked about liability, and who should be liable for what. Stupidity isn’t a crime so there are some sliding scales here. But you can’t use that excuse for every hack or breach that some dummy put a picture on some social media site of a cool credit card design,and didn’t redact the numbers. Social media, by its nature, is a fertile hunting ground for hackers and they know it.

For example, besides typical SEO poisoning, cyber-criminals use social networks to spread scams based on search interest. Another breach involves malvertising. This is the case where social media sites put advertising on their pages that contain some sort of e-threat. The ad platforms also host fraudulent and malicious ads from Web categories that seem to copy spam patterns. The list goes on and on and these are exactly the type of schemes that needs to be contained by the social media platforms. They have the technology, just no reason to implement it because it might “inconvenience” users or slow the system. Nonsense.

But the thing that irks me the most, and the primary reason I don’t do social media, is that social media sites have a nasty habit of tracking you. That means that everywhere you go through the social media interface becomes a possible security breach if the site doesn’t secure the I/O — and they don’t. That falls on the responsibility side of the provider, not the user. Europe has realized that. Unfortunately, the problem is much, much bigger.

As the IoE evolves, the amount of personal data that will be out there is incomprehensible. I just read that Amazon is putting together technology that will allow your washing machine to automatically order detergent when you are almost out — transparent to the user, except for the notification that it was done. And Amazon, and everyone else, is plugged into social media so there is a vector for cross-pollution there.

The debate over social media security is far from over. Truthfully, I don’t see any real solutions out there except to make the social media sites responsible for damages caused by their lack of security. These sites need to swallow the bullet. Yes, they will be slower, clumsier and maybe frustrating, but our data will be safer. And yes, people will get used to it and technology will come to the rescue to fix the deceleration issues—eventually. It always does. Weigh in on this and let’s chat.