Commentary: Facebook hack raises cloud security alarms again

For folks who are thinking whether it’s safe to put their precious data on the cloud, the latest news this week of Facebook being hacked must have raised alarm bells.

The security breach, it must be stressed, does not seem to have compromised any consumer data. The social networking site was quick to point that out, as it revealed that some employees had infected their laptops with malware when accessing a developer website last month.

Yet, the breach will challenge the recent conventional wisdom that it’s safer to keep your data online with big companies with high firewalls, such as Google and Facebook, than to store them on your own PC and network. 

One reason you should feel safer storing your stuff online is that these services are run by some of the best security experts around. Their systems typically are also much better protected by the latest security software.

In the latest breach, Facebook said its employees’ laptops had the latest anti-virus updates. The loophole was found in a “zero-day” exploit, or a new one that had yet to be discovered.

The problem had to do with the Java software that handles so many of our everyday interactions with websites. This usually runs in a “sandbox”, meaning that any external website is not supposed to intrude on the other parts of the computer’s software.

Yet, someone had managed to crack that barrier and gain access to the Facebook employees’ laptops. Oracle, the company behind Java, had since released updates to patch up this loophole, but the worry will raise fresh alarms about storing one’s private and precious content online.

One argument is that the likes of Google and Facebook, while well-protected, are huge targets for sophisticated attacks. Indeed, “sophisticated” is how Facebook described the latest hack on its systems. Similarly, Google had said it was facing concerted hacking attempts from state-sponsored organisations in the past.

So, is it time to yank all your holiday photos from Instagram, e-mail from Google or office documents on Dropbox? It’s actually a moot question today.

Users everywhere have become so reliant on these online services, backing up every single photo they take instantly, that it’s probably past the point of taking retroactive action.

If you already have tens of thousands of photos online, you would not just take days to download everything, you’d be wondering how to back them all up at home. The same for folks who have hundreds of documents on Google Docs or years of e-mail on Gmail.

There’s no question that some form of privacy breach is bound to happen in future. Just look back at other high-profile hacking cases, like when 77 million consumers had their names, addresses and passwords stolen from Sony’s Playstation network in 2011.

This doesn’t mean that the smart techies in these companies, whom users trust their data to, are not doing their jobs. The incidents serve to remind users that everything out there has a loophole, everything that’s man-made can be un-made.

Perhaps that’s the attitude that users should adopt. Expect hackers to break through at some point, despite best efforts from service providers, but be confident that they still have the best tools, over time, to face off the threats. Their business depends on this, after all.

All said and done, should you be putting up more data on the cloud, or consolidate important stuff in your office? This answer lies in weighing the risks.

Is it more likely for the data to be lost or exposed if Google, Facebook or Microsoft are hacked, or would your local network drive be more susceptible to damage, say, due to hardware fault or a fire or flood?

A similar question applies for end users. Would you want to share all your photos online, risking them being exposed (not just if Facebook is hacked, but if a friend decides to share them with others), or keep them private on your home network drive?

Answer that and you’d feel better about using the cloud – or not at all.