Question

Case Study 1 (Hundreds of millions of social media accounts compromised by data breach) Published on August 18, 2020.

Security researchers have discovered an exposed database online which contains scraped data from the social media profiles of nearly 235m social media users. For those unfamiliar with the practice, web scraping is an automated technique used to gather data from websites that is often employed by analytics firms who use it to create large databases of user information. Although the practice is legal, it is strictly prohibited by social media companies as it puts the privacy of their users and their data at risk.

Comparitech's lead researcher Bob Diachenko discovered three identical copies of the exposed database online at the beginning of August. After examining the database, Diachenko and his team learned that it belonged to a company called Deep Social which has shut down its operations. When the team reached out to the now-defunct company, its request was forwarded to a Hong Kong based firm called Social Data. While Social Data denied having any connection to Deep Social, the firm did acknowledge the breach and was able to secure the exposed database with a password.

Q1. While scraping user data from social media sites is not illegal, failing to secure this data after it has been collected poses a serious risk to the affected users as cybercriminals could use the information from the database to target them online. What are your recommendations to the online risk policy makers as you think it is a breach of PII (Personal Identifiable Information). Justify your answer. Explain the need for cybersecurity experts in such a case scenario. [5 marks + 4 marks + 1 mark for Referencing Style = 10 marks]

Answer 1

Cyber Security

A cyber attack is accessing data without the knowledge of a user and this data may be used for some illegal activities.

While we are using data in the social media site or any other platforms there is a possibility of data breach.

Data Breach is an incident in which information is accessed without authorization. Due to such cases we may lost our personal information, financial data like credit card, debit card details, online banking data etc.

These data Hackers seek personally identifiable information to steal money, compromise identities, or sell the data over the dark net.

Normally a data breach can occur these ways:

1. Exploiting the system vulnerabilities.

If our system has an out-dated software, then it creates a hole to attacker to attack easily for stealing the data.

2. Weak Passwords.

If we are using simple or predictable passwords for the hacker, then it is easier to hack our system. That is the reason to choose a strong password in all situations.

3. Drive by downloads.

If we download anything on the internet. It may be a virus or malware. Or it contains virus attacks. In some cases, the hacker can easily enter into our system even if we have some less fault.

4. Targeted Malware Attack.

Normally an attack is occurred through our email account. These types of mails are mostly spams. So, the best action is to recommend not to open any mails with unknown sender.

Data Scrapping is also known as Wed scrapping is the process of importing information from a website into a spreadsheet or local file saved on your computer. This is the most efficient way to get data from the web. And the scrapper use these data or sell the data for any kind of misuse activities.

The data breach and data scrappers are make the user data in an unauthorized way like money looting, stealing of data and kind of terrorist activities.

So, a Cyber security experts can identify these risk and also reduce it from the root level. these experts use efficient mechanism for avoiding such types of attck from the attcker.