Resold and Repurposed Data is the Most Vulnerable

People are becoming more aware not only of the security issues related to social media but also the business models that sustain the providers of these networks. As a result, there is a growing appreciation for just how easily personal data can be misappropriated.

Simple example: On Jan. 10, 2012, Google began adding “posts, photos, conversations and profiles from its Google+ social network to search results, a feature it calls Search Plus Your World,” according to a report in The New York Times. Upgrading your Google account with a Facebook-like feature called Google+ enables people who search topics or people to also gain access to related Google+ entries and discover behavior and location information from other Google+ entries, either public, such as performer Mariah Carey, or private, such as some guy inside a Google+ user's circle who likes the new Coldplay album.

Google is under fire over for this feature by the Electronic Privacy Information Center, which sent a complaint to the FCC for violation of privacy just two days after Google integrated its search with Google+.

Only recently has Google been able to bring up results from Facebook. But Google search can only display public pages that let you “Like” the page, not personal Facebook pages that show a Facebook user's age, location or behavior, or that let you request being “Friended” into a Facebook circle. You have to log into Facebook to do that, because as a private company Facebook locks down its servers from Google web crawlers.

However, all this information in Google can be scoured by ad agencies and marketers and even phishing scammers for potential profit. But the bigger threat is the direct sale of information from Google and Facebook to third-party agencies, which, in turn, resell it, and this chain of data movement becomes less secure with each transaction. Facebook has been selling personal data for some time now, either inadvertently through third-party applications that allow interfacing with Facebook via smartphones, or directly from its database of 750 million users. As a private company, Facebook is immune from giving anyone the details.

A big buyer of Facebook and Google user information is Stratfor Global Intelligence, which resells that data to banks, collection agencies, facial recognition companies, Doctors Without Borders, and even the U.S. Department of Defense. Stratfor got hacked in the last week of December 2011 by a hacker group called Anonymous, which stole 90,000 credit card numbers and passwords and home addresses of 4,000 people.

A source who met with a French Security company at the CNIT Paris la Défense conference in 2011 said the security company saw this coming. It knew it would be targeted because it purchases personal information and photographs from Google and Facebook, at a high price, to resell it.

But every time that data changes hands, just remember how much more vulnerable it becomes.