Social Media

Twitter Says Change Your Password

Twitter has advised all users to change their passwords after a bug caused the passwords to be stored in easily readable, plain text on an internal computer log.

The Bug – Passwords Visible Before ‘Hashing’

Twitter reported on its own blog that a bug had stored passwords ‘unmasked’ in an internal log. The bug is reported to have written the passwords into that internal log before Twitter’s hashing process had been completed.

The hashing process disguises Twitter passwords, making them very difficult to read. Hashing uses the ‘bcrypt’ function, which replaces actual passwords with a random set of numbers and letters. It is this set of replaced characters that should be stored in Twitter’s system, as these allow the systems to validate account credentials without revealing customer passwords.

Millions Affected?

The passwords were exposed only on an internal server, albeit for what is estimated to be several months. There appears to be no evidence of anyone outside the company seeing the passwords, and no evidence of a theft or of passwords turning up for sale on hacker sites. Together, this indicates that it is unlikely that many of the 330 million Twitter users have anything real to fear from the breach.

Big Breaches

In this case, Twitter appears to have behaved responsibly and acted quickly by reporting the bug to regulators, fixing the bug, and quickly and publicly advising all customers to change their passwords.

Twitter’s behaviour appears to be in stark contrast to the way other companies have handled big breaches. For example, back in November 2017 Uber was reported to have concealed a massive data breach from a hack involving the data of 57 million customers and drivers, and then paid the hackers $100,000 to delete the data and to keep quiet about it.

Breaches can happen for all kinds of reasons, and while Twitter’s breach was very much caused and fixed by Twitter internally, others have been less lucky. For example, an outsourcing provider of the Red Cross Blood Service in Australia accidentally published the Service’s entire database to a public web server, thereby resulting in Australia’s largest ever data breach.

What Does This Mean For Your Business?

If you have a Twitter account, personal or business, the advice from Twitter is quite simply to change your password, and change it on any other service where you may have used the same password. Twitter is also advising customers to make the new password a strong one that isn’t reused on other websites, and to enable two-factor authentication. You may also want to use a password manager to make sure you’re using strong, unique passwords everywhere.

In this case, Twitter has acted quickly, appropriately and transparently, thereby minimising risks to customers and risks to its own brand reputation. Twitter will want this message of responsibility to be received loud and clear, particularly at a time when GDPR (and its hefty fines) is just around the corner, and when competing social networks such as Facebook have damaged customer trust by acting less responsibly with their data through the Cambridge Analytica scandal.

Facebook Loyalty Intact Says Survey

Even after all the publicity surrounding Facebook’s selling of the personal data of 87 million users to Cambridge Analytica, a Reuters/Ipsos survey has found that most users are still loyal to the social media giant.

Just A Public Relations Problem

The survey, conducted April 26-30, was based in the US, the home country of Facebook and the place where the vast majority of those whose data was sold live. Far from indicating that any users have been outraged by the selling of their personal data without their permission, the survey appears to show that Facebook has so far suffered no ill effects from the scandal, other than a public relations headache.

A Quarter Using Facebook More!

The survey showed that half of US Facebook users said they had not recently changed the amount that they used the site, and, incredibly, a quarter of those surveyed said they were using it more!

The remaining 25% said that they were using it less recently, had stopped using it, or deleted their account.

64% of those surveyed said they still used Facebook at least once a day, down only slightly from the 68% recorded in a similar poll in late March.

The results appear to show, therefore, that the number of those using Facebook more has balanced out the number of respondents who said they used the platform less, meaning that, according to the survey, Facebook appears to have suffered no real damage other than a PR hit from the scandal.

Wait Until 2nd Quarter

Facebook actually showed a near 50% increase in its sales in the first quarter of this year, with profits up to $4.9bn from $3bn last year. Some commentators have stressed, however, that any of the financial effects of the scandal are likely to be evident in the second quarter.

Cambridge Analytica Closed

While Facebook, a social media giant, appears to have suffered no real damage other than a PR hit, Cambridge Analytica has been forced to go into liquidation blaming negative media attention. Some commentators have pointed out that Cambridge Analytica portrayed themselves as victims of unwarranted press activity, thereby deflecting blame from their activities involving the use of the personal data of millions to influence election and referendum outcomes.

Trusted With Dating Information?

It may appear that customer loyalty is still intact to a large extent now, but the next test for Facebook could be whether customers will trust them with their privacy when Facebook rolls out its dating service app later this year.

What Does This Mean For Your Business?

This story shows what many tech commentators had predicted: that because Facebook was so much a part of people’s daily routine, with no real alternative among the other social media platforms, it could weather the storm and come out the other end with little real impact on its user numbers. It seems strange that, even though customers’ personal details were harvested and sold to a third party without the permission of users, and then used to potentially influence how they voted in the US election (and in the Brexit referendum in the UK), very few people appear to be prepared to see that as grounds to reject Facebook and the service and value that it offers in their lives.

People actively use Facebook as an integral part of their friendship networks and as a source of news, thereby allowing it unprecedented access to their personal lives and interests, as well as allowing it to help shape their view of the world, and it may be this investment and yes, loyalty, that has allowed them to apparently forgive Facebook for its part in the scandal, and to allow the value that Facebook offers in their lives to outweigh Facebook’s indiscretions.

From a business point of view, this shows how powerful loyalty can be, especially if a service can offer value that links strongly to ‘self’ and things that have emotional and personal connections and importance, and allow and enable real engagement.

Cambridge Analytica Ordered To Turn Over All Data On US Professor

The UK data watchdog, the Information Commissioner’s Office (ICO), has ordered the consulting firm Cambridge Analytica to hand over all the personal information it has on US citizen Professor David Carroll, or face prosecution.

Demand Made in May 2017

The consulting firm, which is reported to have ceased operations and filed for bankruptcy in the wake of the recent scandal involving its access to and use of Facebook users’ details, is facing the Enforcement Notice and possible legal action (if it doesn’t comply) because it has not fully met a demand made by Professor Carroll early last year.

Who Is Professor David Carroll?

David Carroll is a professor at the New School’s Parsons School of Design. Although Professor Carroll is based in New York and is not a UK citizen, he used a subject access request (part of British data protection law) to ask Cambridge Analytica’s branch in the UK to provide all the data it had gathered on him. With this type of request, organisations need to respond within 40 days with a copy of the data, the source of the data, and whether the organisation will be giving the data to others.

It has been reported that Professor Carroll, a Democrat, was interested from an academic perspective, in the practice of political ad targeting in elections. Professor Carroll alleges that he was also concerned that he may have been targeted with messages that criticised Secretary Hillary Clinton with falsified or exaggerated information that may have negatively affected his sentiment about her candidacy.

Sent A Spreadsheet

Some weeks after Professor Carroll filed the subject access request in early 2017, Cambridge Analytica sent him a spreadsheet of information it had about him.

It has been reported that Cambridge Analytica had accurately predicted his views on some issues, and had scored Carroll 9 out of 10 on what it called a “traditional social and moral values importance rank.”

What’s The Problem?

Even though Carroll was given a spreadsheet with some information, he wanted to know what that ranking meant and what it was based on, and where the data about him came from. Cambridge Analytica CEO Alexander Nix told a UK parliamentary committee that his company would not provide American citizens, like David Carroll, all the data it holds on them, or tell them where the data came from, and Nix said that there was no legislation in the US that allowed individuals to make such a request.

The UK’s Information Commissioner, Elizabeth Denham, sent a letter to Cambridge Analytica asking where the data on Professor Carroll came from, and what had been done with it. Elizabeth Denham is also reported to have said that, whether or not the people behind Cambridge Analytica decide to fold their operation, a continued refusal to engage with the ICO will still potentially breach an Enforcement Notice, and it will then become a criminal matter.

What Does This Mean For Your Business?

Many people have been shocked and angered by the recent scandal involving Facebook and its sharing of Facebook user data with Cambridge Analytica. The action by Professor Carroll could not only shed light on how millions of American voters were targeted online in the run-up to the 2016 election, but it could also lead to a wider understanding of what data is stored about us and how it is used by companies and organisations.

The right to request personal data that an organisation holds about us is a cornerstone right in data protection law, and this right will be brought into even sharper focus by the introduction of GDPR this month. GDPR will also give EU citizens the ‘right to be forgotten’, and has already put pressure on UK companies to put their data house in order, and prepare to comply or face stiff penalties.

This story also shows that American citizens can request information from companies that process their data in the UK.