To allow easier data access, and a new way to navigate more than 240 billion photos and more than a trillion connections among its users, Facebook recently announced Graph Search.
While Graph Search is described as a way to allow people to make new connections, it's undeniably a powerful tool for unearthing a wealth information in a highly accessible manner. You could call it stalker's heaven.
"Harvesting this information prior to Graph Search would have involved hours to days to weeks of painstakingly manual reviews. Additionally, the data would soon become dated and require periodic rescanning. Scripting could help automate some of this activity, however this is often a difficult task due to constantly changing environments. Now with the advent of Graph Search anyone can instantly discover the goods within seconds," said Salvador Le Grec, founder of NovaInfosec.com.
I've composed a few searches and got embarrassing results in just a few minutes. Want to know how many employees in one of the world's biggest software companies like malware? Tons. How about how many in the same company like soft drugs? Even more. These are their private profiles but it doesn't look good for the brand, does it?
The enterprise threat
While plenty of organizations forbid the use of social networking in the workplace, not many can outright forbid their employees to indulge in such online activities in general. The problem lies in the fact that the exposure of personal information can impact not only the individual, but also the company they work for.
"Graph Search could potentially unveil employees' positions and interests that are contrary to an organization’s overall image," said Josh Chin, CyberSecurity Consultant at Net Force. The crux of the problem lies in the fact that a great number of users don't bother using any of the protection settings and leave their data open to everyone.
"Searching for pictures of employees that work at a certain company will yield pictures of friends, friends of friends and in cases even more. If some of these pictures are considered inappropriate it may put the company and the employee at more of a reputational risk," comments Tom Eston, Manager, Profiling and Penetration Team at SecureState.
Protect your privacy
It's clear that everyone should review and adjust their privacy settings in order to restrict the uncovering of sensitive data in Graph Search. Tim Senft, Founder of Facecrooks, recommends the following settings:
1. Restrict “Who can look me up?” to just Friends.
2. Don’t let search engines link to your Timeline.
3. Review all of your posts and things you’re tagged in.
4. Limit who can see your future posts.
What about data access? Alex Doll, CEO of OneID, believes users should turn on Login Approvals. While not the endgame, functions that require a code from a second device such as a cell phone make it harder for attackers to access your data.
Using Facebook responsibly comes down to common sense and data hygiene. "You should use Facebook as if anything that you posted there was available to everybody in the world, and as if there were people actively going through your information in order to see how to sell things to you or worse," according to Dominique Karg, Chief Hacking Officer at AlienVault.
Check your privacy settings and be cautious with the data you share, you never know who can misuse it. For detailed information on how to lock down your Facebook account, I invite you to read this Facecrooks article as well as Rik Ferguson's blog post.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.