PETALING JAYA: Vigilance is key to staying safe in cyberspace but for more than half a billion Facebook users in 106 countries, including Malaysia, it may already be too late.

They have likely become targets of cyber bullying and online harassment.

Facebook revealed on Sunday that their accounts had been hacked and their personal information posted on a low-level hacking forum. Such information, including full names, locations, birthdays, email addresses, phone numbers and relationship status, is now available for free.

The fact remains that the threat of hacking and leaking of personal and sensitive information has always been there and for now, cyber security experts say, short of not venturing into cyberspace, vigilance remains the best way to stay out of trouble. As cyber security expert Fong Choong-Fook pointed out to theSun, social media has already become a big part of everyone’s life, so it is quite impossible to stop using it.

“But what we can do as users is to limit what we share and only share what is absolutely necessary,” said Fong, who is chief executive officer of cyber security testing firm LGMS group.

But user vigilance may still not be enough. Fong said data breaches could have also been easily prevented if platforms, such as Facebook, had encrypted the data that they store.

Universiti Sains Malaysia Prof Dr Selvakumar Manickam said the data leak originated from a vulnerability that existed in one of Facebook’s functions. This enabled hackers to leverage tokens that reveal hidden information.

The data has been “floating around” on the dark net for more than a year and has now resurfaced, available for free, making it accessible to virtually anyone with a bit of effort, he said.

“This is rather damaging as all the accounts exposed have the users’ phone numbers, making the task of tracing any user more effortless as harassment and cyber bullying can go beyond social media.”

He added that in Malaysia, this can be more damaging as the leak, coupled with the Malaysian telco data breach in 2017, exposes the user’s identification number and physical address.

To combat this, Selvakumar urged users to be vigilant and advised them to create a bogus email address for registrations on social media platforms.

“There is always the risk of data breach associated with any system that is publicly accessible. This is not the first time such a breach has occurred and there is no guarantee that there will not be another in future.”

He said Facebook and other websites could hire ethical hackers to patch security gaps but users must understand that there is no such thing as zero vulnerability in the system.

Criminologist Shankar Durairaja said that to stay safe, users could omit personal information, as well as set strict privacy settings on social media platforms.

“Users must be proactive in verifying connections to ensure the fake ones are removed. They should also protect their accounts by using strong passwords which must be updated every few months,” he added.

Shankar also suggested that both the management and the relevant staff responsible for the data breach must be held accountable as it is their responsibility to prevent it.

“Governments can play their roles by coordinating internationally with other law enforcement agencies regarding potential cyber attacks against private entities, and taking steps to help prevent potential data leaks,” he said.

Additionally, legal and policy reforms must also be undertaken to ease the collaboration between private companies and the government, to implement various strategies to improve cyber defence and ensure a better ecosystem, he added.