In this issue:
- How to know if your Facebook data was affected by the Cambridge Analytica leak
- Emerging threat: New business scam alters EMV-chip cards
- Cybersecurity shorts
How to know if your Facebook data was affected by the Cambridge Analytica leak
In last month’s newsletter, we ran a piece explaining the Facebook/Cambridge Analytica data leak and gave some suggestions on how you can limit the data you share with Facebook. This month, Facebook began notifying users whether or not their information was exposed in the scandal. If you or one of your Facebook friends downloaded the app “This is Your Digital Life” earlier than 2015, your data may have been collected by Cambridge Analytica.
Some users may have seen an alert at the top of their Facebook newsfeed when logging in over the last few weeks. This notice informed people who were affected by the leak. All users, however, can manually check to see if their data was exposed.
Facebook has set up a new help page for all users. By clicking here you can see if your data was shared via the “This is Your Digital Life App.” The page also walks you through the steps to see what third-party apps have access to your data and gives you the opportunity to delete the apps you no longer want or edit the permissions given to certain apps.
If you were one of the 87 million people who potentially had their data exposed, unfortunately, there is little that can be done now—the data has already been exposed. This is a good time, however, for all Facebook users to review their Facebook settings and delete unnecessary third-party apps. Going forward, users can make new accounts on third-party sites rather than taking the quicker route of logging in with their Facebook account. Not linking new accounts with your Facebook profile will limit the amount of information shared with the social media platform.
What data does Facebook have on me?
If you are curious, you can download all of the data Facebook has on you. Many journalists and security experts have done so and have been surprised at the amount of data being stored. For example, some Android users who have the Facebook app installed on their phone discovered that Facebook had their call and text message logs. This information was granted to Facebook if you linked the contacts on your Android phone to the Facebook mobile app a few years ago. Since then, Facebook has made the request for this information more explicit.
If you would like to download your Facebook data, go to the Settings page from your Facebook account. On the General Account Settings page, you will see the option to download your data on the bottom. Click on that and you will be sent an email to confirm the request, and then your data will be sent to you.
Since downloading their Facebook data, many users have decided to delete their accounts. While this may be a good option for you for personal reasons, it is important to realize that your data will likely still be out there. Facebook itself can store your data for up to three months after you delete your account. Any data you shared with friends on Facebook who still have accounts will be saved, and third parties or advertisers who have gotten your information from Facebook in the past will still have it. Facebook also owns other apps such as Instagram and WhatsApp. Other online giants such as Google and Apple also have a lot of information on you.
In this day and age, ample information on us is held by online companies and advertisers. In many ways, it is part of being a member of the online community. The Cambridge Analytica/Facebook scandal is a good reminder to us all to be more mindful about the information we share online.
Emerging threat: New business scam alters EMV-chip cards
The U.S. Secret Service has discovered a new scam targeting large corporations. Criminals have been intercepting chip-enabled debit and credit cards as they are mailed from financial institutions to corporations. The envelopes are opened and the chip is removed and replaced with an invalid chip. Then, the cards are sent to the corporations and the stolen chips are installed on old payment cards for the fraudsters to use. Read more details on the scheme here.
Cybersecurity shorts
Credit card companies stop requiring signatures, saying it does little to reduce fraud. This month, the four major credit card companies (American Express, Discover, Mastercard, and Visa) have phased out the requirement for consumers to sign a paper receipt or electronic monitor. Experts say that this change has come about because most merchants do not check the signature against the signature on the card itself, making the process useless when it comes to detecting fraud. The companies explain that technology has advanced enough to detect fraud in better ways.
High-end department stores, Saks Fifth Avenue and Lord & Taylor, hit with data breach exposing credit and debit card numbers of shoppers. Hudson's Bay Co., the parent company, says that payment card readers at certain stores were hacked. As of now, the company believes that only payment card data was exposed and affected customers will be contacted after the investigation. According to experts, 125,000 of the stolen cards are currently for sale by hackers.
Panerabread.com exposes records of millions of online customers for at least eight months after being alerted to a problem by security researcher, Dylan Houlihan. The bakery-café chain's website contained a flaw that allowed anyone to access customer data off of the site—including names, email addresses, delivery addresses, last four numbers of payment cards, and more. Houlihan discovered the issue in August of 2017 and immediately contacted Panera but the messages were dismissed as a scam. The next week, Panera said they were working on a fix. However, eight months later, the website had not been fixed and Houlihan contacted security writer Brian Krebs. After Krebs exposed the leaky website, it was taken offline and fixed.
Cambridge Analytica impacted 30 million more people than originally reported, according to new data from Facebook. The social media network upped the number to a maximum of 87 million people that were impacted by the leak. This number was determined by looking at the maximum number of friends users had during the time period. Previous reporting had the number impacted at around 50 million.
Breach of third-party company exposes credit card information of Sears and Delta customers. The company breached offers an online support service and says a data security incident impacted its service between September 16 and October 12. Sears believes that less than 100,000 customers were affected and Delta has released a statement saying only a small subset of customers may have their information leaked.
Think twice before sharing "fun facts" on social media quizzes and posts. Answering questions like "Who was your first grade teacher?" or "What street did you grow up on?" may seem like fun and games but in reality, you are potentially exposing the answers to your security questions. Remember, anyone can see the answer you post—including identity thieves! Read more about the dangers here.
What is your financial fraud knowledge score? The Wall Street Journal created a short quiz about identity theft and fraud. Click here to take the quiz and see how much you know.
Tax identity theft hits some NJ taxpayers through their accountant. Security writer Brian Krebs was alerted to a new keylogger malware that hackers aimed at CPAs. He found one CPA in New Jersey who unknowingly had his computer compromised by the malware. The malware recorded everything on his computer as he typed—including the tax information of his clients. You can read more about the story here.
Software updates
Adobe: Once again, Adobe has released updates to its Flash Player fixing two serious security holes. If you still need Flash, be sure to update the program and your browsers as soon as possible. If you do not use Flash, consider removing it from your machine. Adobe is in the process of phasing out the problem-ridden program.
Google: Chrome users should update the browser as Google released Chrome 66 this month. This update introduces cosmetic changes, like the muting of auto-play videos, but also closes over 60 security vulnerabilities. Your browser should notify you to update, but you can learn more about the fixes here.
Microsoft: Microsoft released updates for over 60 security issues this month. The updates affect Internet Explorer, Edge, Office, Windows Defender, and more. Your device should update automatically but you can learn more here.