Facebook users can strengthen their accounts’ privacy settings by making their profile as private as possible and refraining from giving private information in posts that are accessible to everyone, said experts.
This is in the wake of the country’s cyber security agency CERT-In advising Facebook users to strengthen their account privacy settings following a recent global data scraping incident on the social-media platform which affected lakhs of Indians.
“It is important for users of social-media applications to use the privacy settings available to secure their communications by restricting access. Publicly available data often poses a risk and could be used by cyber criminals for social engineering. Users should make sure that posts that are accessible for everyone do not have private information that can be misused by cyber criminals,” Prasanth Sugathan, legal director, SFLC.in, told BusinessLine.
“Data scraping refers to the process of using automated software to harvest public information from sites, such as name, city, occupation, relationship status. Thus to protect against data scraping, it is important that users make their profile as private as possible, only make public as much information as is absolutely necessary, turn on login alert and enable two-factor authentication,” said Krishnesh Bapat, Centre for Communication Governance Digital Rights Fellow at Internet Freedom Foundation.
We also need a proper recourse mechanism in such cases, said Bapat. “Given the quantum of data they deal with and the sensitivity of the data, Facebook should be ‘strictly liable’ for any sort of a breach,” he says.
There have been many instances of data breaches recently, and these instances show how vulnerable Indians arewithout a proper data protection law that provides recourse in case of any harm caused by such breaches, Sugathan pointed out. In many cases, the companies don’t even report these breaches resulting in the users being exposed to further harm, he added.
“It has been reported that globally there has been a large scale leakage of Facebook profile information. The exposed information includes e-mail addresses, profile ID, full name, job occupation, phone numbers and birth date. According to Facebook, the scraped information does not include financial information, health information or passwords, however, information from more than 450 million unique Facebook profiles globally, including approximately 61 lakh Indian individuals, has been made publicly available in multiple cyber criminal forums for free,” said CERT-In in a public advisory issued on Monday