#WeekendWisdom 074 Data Scraping or Data Breaches

Liam — Fri, 16 Apr 2021 01:15:34 +0000

Welcome to #WeekendWisdom number 74. This week we’re going to talk about Data Scraping or Data Breaches?

https://www.l2cybersecurity.com/wp-content/uploads/2021/04/WeekendWisdom-074-lo.mp4

Why am I asking the question “Data Scraping or Data Breaches”?

In recent weeks, three of the large social media companies have had lots and lots of personal data exposed online by cybercriminals. Now these social media companies are claiming that these were data that were scraped from their services. That this information that is already in the public domain.

These may have been Data Scraping

In the case of Clubhouse which had 1.3 million records exposed and LinkedIn which had 500 million records exposed. Yes all of the data that was exposed is stuff that you can see on their platforms. You can see this information very publicly on their platforms. That’s a reasonable expectation. That’s what you use these sites for.

But my issue here is that LinkedIn and Clubhouse should have done much more. They could prevent data being exposed and scraped like that, in such mass quantities. That stuff can be slowed down. It can be made non-economical.

So yes, that was data scraping, maybe not really a data breach but more should have been done.

But this one is definitely a Data Breach

Facebook, which had 533 million records exposed, this is a different situation. They had my mobile number and I had only given it to them for the purpose of authenticating my log on and I had set it to not expose that information to the public. My mobile number was exposed to the public. So therefore that is a data breach, simple as.

Facebook are being disingenuous with their claim that this was data scraping.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

The post #WeekendWisdom 074 Data Scraping or Data Breaches appeared first on L2 Cyber Security Solutions.

Facebook Breach – The DPC was very public about it.

Liam — Fri, 05 Oct 2018 15:11:05 +0000

Unless you’ve been living under a rock for the last week, you will have heard about the Facebook breach. This is where the accounts of at least 50 million people were compromised by evil doers. There was another 40 million people who may have been at risk too. Facebook became aware of the breach on Tuesday 25th September and took action by Thursday 27th. This action was to log the 90 million users out of Facebook and make them sign in again. They reported the data breach to the Data Protection Commission (DPC) on Friday 28th September.

As you should know by now, the General Data Protection Regulation (GDPR) requires a business to notify the regulatory authority for data protection within 72 hours of becoming aware of the breach, where there is a risk to the rights and freedoms of the affected individuals. They also must notify the affected individuals if there is a high risk to their rights and freedoms and must do so without undue delay.

Facebook notified both on Friday. They put out a public notice about the breach and the DPC were notified, as confirmed by them earlier this week. Here are some tweets from the Data Protection Commission:

The DPC talked very publicly about the Facebook breach, didn’t they?

And this is what I want to address in this post. This Facebook breach was addressed very publicly by the DPC. I would believe that this is because Facebook is such a huge source of personal data. Also the fact that this story has attracted massive worldwide attention. If they didn’t come out with those tweets, they would have been accused of all sorts of bad practice.

I don’t expect them to be publicly tweeting about a data breach in a small business, which accidentally sent a spreadsheet containing customer personal data to an incorrect e-mail recipient. It’s very important you realise this. I don’t want any business owner, who becomes aware of a data breach which needs to be reported, to decide not to notify the DPC in case they should start tweeting about it.

If you become aware of a notifiable breach, please report it. Unless you are a massive source of personal data, I don’t expect the DPC to tweet about it. It will be dealt with reasonably discreetly.

Want to find out more about data breaches?

I did a short (<2 minute) video on 6 examples of a data breach. If you head over to my YouTube channel you can see an entire video series with more discussion about the different examples of data breaches.

In the meantime, lets be careful out there.

#GDPR #SecuritySimplified

The post Facebook Breach – The DPC was very public about it. appeared first on L2 Cyber Security Solutions.

Facebook breach Archives - L2 Cyber Security Solutions