Facebook’s Data Breach

On Friday September 28, Facebook notified users worldwide that they had experienced a breach in data regarding login tokens. It was estimated that nearly 50 million accounts were compromised, with the potential of an additional 40 million accounts in question; totaling to nearly 90 million accounts affected. In a statement made on the social media company’s newsroom, Guy Rosen, VP of Product Management at Facebook, said the following:

“First, we’ve fixed the vulnerability and informed law enforcement. Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a ‘View As’ look-up in the last year.”

To clarify, an access token is not the same thing as your password, but rather a digital key. This “key” allows you to remain logged into an account without having to re-enter your password each time you visit the website. Additionally, Facebook utilizes a system known as single sign-on (SSO), which creates new access tokens to verify your credentials when using your Facebook login information to login to a third-party website.

Those whose accounts were affected were notified by Facebook upon login that their access tokens had been compromised and changed, explaining what had happened (data breach), noting that any other application they logged into with Facebook would need to be reverified.

When Facebook publicly broke the news of this data breach, not much was known about the hack in terms of who did it or why they targeted access tokens. To date, there’s still a lot of gray area surrounding the matter, but cyber security experts and even members of national security organizations around the world have spoken up and offered insight, advice and potential next steps; connecting the dots to yet another bump in Facebook’s road to recovery from the Cambridge Analytica breach that took the world by surprise this past March.

However, this breach was different than that of any in recent times; including the Cambridge Analytica ordeal. Here, hackers took advantage of several vulnerabilities within the structure of Facebook, and engineers at the social media giant noticed unusual activity as early as September 11; nearly two and a half weeks prior to announcing anything to the public. With this data breach, there weren’t any social security or credit card numbers stolen; or even passwords, for that matter.

That may be the most underrated yet detrimental part of the breach as a whole. Since once-trusted methods of authentication like your social security number or drivers license number are seldom used anymore, many institutions have moved to gathering personal information — like your mother’s maiden name or the city you were born in — to verify your identity. This is information that can be easily found if someone had your access token for your Facebook account.

For business pages, it’s well-known that the only way to set these pages up is through one’s personal Facebook account. With access to possibly 90 million access tokens, these hackers may have also had access to various business pages, or the information regarding them; all pieces that can add up to a compromised business and personal Facebook page.

However, if you did not receive a notification after logging back into Facebook following this breach explaining what had happened and the steps they took to secure the site at a high-level; your account was likely not involved or compromised. Although this breach was one of access tokens and not your passwords; it’s generally wise to reset passwords after a breach of any kind.

Additionally, keeping information regarding yourself, your business and/or your customers that you don’t want publicly shared off of Facebook is a step in the right direction. Hackers of the digital age are crafty, making it harder to pinpoint just how they’ll use the information they’ve gathered. It’s best to be safe on a personal and business front than to run the risk of fighting an uphill battle to regain your reputation.

Adapting to Facebook’s ‘Recommendations’

A month before news about Facebook’s data breach broke, the social media platform officially rolled out their new ‘Recommendations’ rating system. Adapting to change is often a difficult feat. Then you place the change within the online review sector of the digital world that’s well-adjusted to a numerical and star-rated scale, and it’s a bit more challenging to accept and adapt to.

One of the main questions surrounding recommendations is how exactly the numerical rating is calculated on Business Pages. The only information Facebook provides regarding the matter is that this number is calculated based on multiple sources, including previous reviews with numerical ratings and recommendations. Facebook hasn’t released any information regarding how a numerical value is placed on a recommendation (or lack thereof). Surely, the vagueness behind the calculation of this overall rating on a 5-point scale, with 5 being the best, is off-putting and frustrating to a point for businesses and those who run their social accounts, like Facebook.

A potential reason behind Facebook’s lack of detail on these ratings could be rooted in their desire for authenticity in the feedback provided on the platform. If they told users and business owners exactly how these numbers were calculated, it could open the door for manipulation of recommendations; the exact opposite result Facebook was hoping for by implementing this new way to gauge customer’s experience and receive their feedback.

What’s a business, such as yours, to do? Simple: accept the change, and learn the benefits of adapting to this new forum of feedback. Though star ratings are still highly prevalent on a multitude of platforms across the web, if  you’ve ever utilized the wonderment that is Amazon; you’re probably familiar with the importance of actually reading the reasons behind a 1 or 5-star review.

Why?

Consumers have various reasons for disliking or raving about a product or service; ones that you may not personally justify as a deal-breaker if it’s a 1-star review. The same theory could apply to a 5-star review. In the context of that review, the consumer could say anything. The product or service may have been terrible, but the customer service they received from the company at hand justifies an extra star or two.

The thing is, people have different views on what constitutes a 5-star review versus that of a 1-star. However, the key benefit to Facebook’s Recommendations is that this “what if” factor has been removed; or that seems to be their goal, at least. The great thing about Recommendations is that a user cannot simply just click, “Yes” or “No” when asked, “Do you Recommend ____?”.

Now, there’s a minimum character count; making it more difficult for inauthentic feedback to be given. This is something your business, regardless of size, should take advantage of. The idea of gathering valuable and honest feedback is not only beneficial to the 2 of 3 customers using Facebook to look up local businesses at least once a week; but to your business and it’s employees, as well.

The utilization of Recommendations has the ability to create higher engagement between your target market, current customers and your employees, too. By gathering authentic and transparent feedback in one place — your Facebook Business Page—you’ll be able to capture pain points of consumers. If one of your employees was named in a recommendation, you can either acknowledge them for a job well done, or open the door to a conversation regarding the situation in question.

Overall, it’s an adjustment, and not knowing exactly what goes into that 1-5 rating that’s publicly viewable by anyone who stumbles upon your page can be unsettling. However, when you step back and look at the big picture, it’s easier to adjust to this change and see the good it can bring to you, your team, your business and most importantly — your customers.

Lee McNiel