Facebook, the social media giant is set to face a fine of up to £1.25 billion after revealing that 50 million user accounts were compromised on Tuesday 25 September, with affected users being notified via their Facebook accounts.

This recent data breach has been established as the largest security breach Facebook have faced. It is also one of the more severe breaches, as the hackers obtained “access tokens”, which are a form of security key allowing users to browse Facebook on numerous devices without entering a password.

Obtaining these “access tokens” allowed the hackers to gain full access to a user’s account, including third party applications.

Facebook’s CEO, Mark Zuckerberg addressed the security breach, stating:

According to the Irish Garda National Cyber Crime Bureau, there has been a recent increase of cyber crime involving criminals utilising social media to hack user data. They are doing so by checking when a customer contacts their banks and then posing as the bank in order to obtain their data.

Detective Superintendent, Michael Gubbins stated the cyber criminals utilising social engineering to hack data is “at the very top”of potential threats. He also discussed how these threats are becoming harder to detect, due to the increase in what is known as “fileless” malware, which is not stored within the hard drive but in RAM, a temporary storage space, and therefore harder to track.

He also discussed how crypto-currency such as Bitcoin has enabled a new wave of cybercrime, as criminals target users in order to obtain their digital currency.

Industry group, UK Finance have discovered that customers of UK banks have had more than £500m stolen from their accounts at the start of this year. This consisted of £358m being lost to unauthorised fraud and £145m being obtained through authorised push payment (APP) scams. The difference being banks usually refund unauthorised fraud victims, whereas APP victims are rarely refunded.

At the start of 2017, APP scams hit a total of £101m, and this number has now shown an increase of £44m, since four more banks reported fraud data.

UK Finance’s managing director for economic crime, Katy Worobec discussed how the new figures highlighted fraud as a top “major threat” in the UK. She also stated that the money obtained from bank accounts are used to fund terrorism, people smuggling and drug trafficking.”

Following Google’s announcement this week (8 October 2018) regarding a data breach in 2015, they have temporarily shut down their social network Google+, where a security bug enabled third party developers to gain access to user data, potentially affecting around 496, 951 Google+ users.

The announcement on Monday was the first time Google discussed the breach, which although occurred three years ago, was not exposed and remedied until March 2018. Google’s reasoning for late exposure was relayed in an internal memo, which discussed the avoidance of “regulatory interest”, and potential comparisons to Facebook’s Cambridge Analytica scandal.

The bug may have allowed third party developers to gain access to usernames, email, gender, data of birth, location, pictures, as well as occupation and relationship status. However, there is no concrete evidence to confirms this (as Google only holds API data for two weeks) therefore they cannot determine how many users were exposed. Google have advised that there was “no evidence that any profile data was misused” as well as there being “no evidence that any developer was aware of this bug, or abusing the API”.

Experts believe that the greatest threat to an organisation is not its lack of cybersecurity, it is actually the employees who tend to cause the most damage.

This comes after 77% of survey respondents indicated that regardless of training and adherence to company policies, it is actually employees that are the main source of cyber-attacks, as they may be unaware of the warning signs. Therefore, it is vital that companies improve cybersecurity training by implementing ways for staff to protect, as well as how to conduct themselves online, especially on social media.

As social media is an integral part of engagement - and with that comes an inherent level of trust - meaning it is vital that everybody is aware of what is safe when positing content. This is particularly the case for employees who are responding to their customers, as they must be aware of online actors who utilise fake accounts in order to pose as customers and purposely target staff and the organisation.