The Social Media Law Blog is a forum for lawyers, compliance personnel, human resources managers, and other professionals who are struggling with the legal implications of social media across a broad variety of topics. Working professionals and Bloomberg BNA editors may share ideas, raise issues, and network with colleagues to build a community of knowledge on this rapidly evolving topic. The ideas presented here are those of individuals, and Bloomberg BNA bears no responsibility for the appropriateness or accuracy of the communications between group members.
Friday, March 1, 2013
by Katie Johnson
Social networking companies Facebook Inc. and Twitter Inc. are among several major companies that have admitted recently to being the victims of cyber-attacks.
Facebook Security revealed Feb. 15 that the company's systems were targeted in a "sophisticated" attack in January. When Facebook employees visited a compromised website, the website allowed malware to be installed on the employees' laptops, the company explained. "We have no evidence that Facebook user data was compromised in this attack," the company said.
Twitter Director of Information Security Bob Lord said Feb. 1 that the company identified unauthorized attempts to access Twitter user data. Lord called the attackers "extremely sophisticated." Unlike in Facebook's case, "the attackers may have had access to limited user information-usernames, email addresses, session tokens and encrypted/salted versions of passwords-for approximately 250,000 users," Lord said.
Both Facebook and Twitter said they believed that they were not the only companies subject to such attacks. For example, Microsoft Corp. confirmed in a Feb. 22 post that it was the victim of a similar attack.
Meanwhile, computer security firm Mandiant Corp. Feb. 19 released a report asserting that the Chinese government is involved in a major cyber-espionage campaign to steal sensitive data from organizations around the world.
The issue of cyber-attacks also has been receiving increased attention from the White House and Congress. On Feb. 12, President Obama signed an executive order directing federal agencies to develop voluntary cybersecurity standards for critical parts of the private sector and to consider proposing regulatory steps.
After failed attempts to pass cybersecurity legislation in 2012, several committee chairmen in the House and the Senate are pushing for action in Congress. For example, House Intelligence Committee Chairman Mike Rogers (R-Mich.) reintroduced a bill (H.R. 624) that would improve cyberthreat information sharing between the government and the private sector.
The source of the attacks on Facebook and Twitter-whether sophisticated cybercriminals, state-sponsored hackers, or others-is unclear. But these cyber-attacks on major players in the internet realm highlight the need for collaboration to prevent future breaches. "It is in everyone's interests for our industry to work together to prevent attacks such as these in the future," Facebook said.
Copyright 2013, The Bureau of National Affairs, Inc.
You must Sign In or Register to post a comment.
I’d Like to Add You to My Professional Network
Two Companies Request FTC Review of Proposed COPPA Parental Consent Methods
MacArthur Foundation to Decline Facebook Settlement Funds
More Transparency on National Security Requests?
BBNA Social Media Portfolio Available