Meta is a technology behemoth that’s constantly under attack. And unfortunately, it has a long list of security events resulting in the loss of user data.
Keep in mind Meta attracts top-caliber software engineers. As the first letter of the envied FAANG / MAANG acronym, it’s an institution employing the best of the best.
So, when the recent news broke about phone numbers of 500 million WhatsApp users being up for sale, it should’ve been a shocker. But somehow, it wasn’t.
Meta / Facebook Security History
Meta (including its Facebook and WhatsApp subsidiaries) has a long list of data breaches. It also has an extremely active bug bounty community, including one man who’s hacked the company over 100 times.
In fact, just yesterday, Meta was fined $275 million for a similar data breach. Over 550 million user records appeared for sale on a hacking forum. Those records were scraped from Facebook in 2019, which is a trend for Meta.
WhatsApp Data Breach
The most intriguing part of this recent breach is yet to be revealed: How was the user information gathered?
The prevailing theory is that this list was scraped (a simple procedure that’s disallowed by WhatsApp’s Terms of Service).
Other common data extraction methods include:
Everything is speculation at this point, so we’ll wait for the post-mortem to be released.
Meta Data Breach Root Causes
Criticism towards Meta and its subsidiaries for not adequately protecting their users’ information is frequent. But, if you review their past breaches, a trend emerges:
The data breaches at Meta originate from innocent mistakes by their engineers. And often, these vulnerabilities sit idle for years before they’re discovered and exploited.
If a company with top-tier talent (and safeguards to match) lacks production visibility, then isn’t everyone at risk?
Solving the Software Visibility Gap
Visibility gaps in live applications continue to cause data breaches all over the software world. Breaches aren’t a Meta-exclusive problem.
I’ll publish an update to this story after the post-mortem. In the meantime, take a look at how ASPM can help your organization gain a clear understanding of your sensitive data flows and overall security posture.