Data breaches are back in the news. Capital One, one of the biggest banks and credit card issuers on the globe just reported that 106 million user’s personal details were stolen by a rogue employee. No one knows where it ended up; the investigation is just getting started.
Your personal information – social security numbers, birthdates, answers to “secret” questions, are the keys fraudsters employ to gain access to your accounts. Now a new piece of data is frequently being used as well: Your face.
The logic is simple – who else has your face but you? But facial recognition technology is as hackable as anything else, and our selfies are making it way too easy for the bad guys to know exactly what we look like.
FaceApp is a mobile phone application that’s recently gone viral. Millions of users have downloaded it and used the fun filters to see what they’d look like as old folks. You’ve probably seen the results on Facebook or Twitter.
It’s fun. But risky too. Here’s why:
What you didn’t know is that FaceApp is run by a Russian company, a company that demands “perpetual, irrevocable” rights to the images you upload, and company that also does all of its photo processing “in the cloud” not on your phone.
This means that every selfie you pop into FaceApp gets uploaded to the internet, to a server you can’t control, and is processed by the same type of software that enables facial recognition technology to be so effective.
While we don’t have any proof that Russian spys are assembling new databases full of FaceApp uploads, you should understand that using FaceApp means that you’re providing ID-style, geo-tagged, date-stamped, user-specific photographs to a 3rd party that does not enjoy the same rule-of-law protection that we are accustomed to in the states.
Combine the Capital One breach with the photos from FaceApp, and you’d have everything you need to forge anything from a fake Twitter account to a new passport. Building a database to cross-reference the two wouldn’t be hard for a hacker to do.
What to do? Be alert!
Read the terms of service, educate yourself and your team on the best practices for handling personal and professional information. Be sure to limit access to corporate data on personal devices and use secure systems whenever possible. And look for suspicous activty whenever you’re online.
If you have any questions, give us a call. Singlesource IT has a wide range of solutions to make sure that your data’s safe. And stays that way.
