Does Facebook’s latest hack mean it’s time to give up on centralized data storage?
“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts.” Guy Rosen, VP of Product Management at Facebook claimed on September 28, 2018.
Facebook was hacked, but no one yet knows what level of impact this massive data breach will have on its victims. The growth of artificial intelligence (AI) makes the breach even more serious because it raises the question of what the hackers be able to get from the data today or in five years with advanced machine learning.
This time, it was different
Facebook is no stranger to data breaches, as it was just in March 2018 that the Cambridge Analytica scandal made headlines everywhere. However, Facebook is not dealing with the same situation here - this time there was actually a full scale hack of their software, as opposed to March’s scandal.
The hackers were able to gain access to users’ access tokens, or digital keys, thereby gaining access to private information, which was not the case in the Cambridge Analytica scandal. The worst part is, we still have no idea what specific information the hackers were seeking or what they obtained.
If the tech giants can’t do it, no one can
The overwhelming majority of companies, once scaled to a certain size, have dealt with a major data breach. Facebook was the only exception, until now.
Companies such as Yahoo, Equifax, JP Morgan Chase, among many others have all been here before. The difference is that sometimes these data breaches are not made public, or the company remains unaware it has been hacked for weeks or even months.
What the Facebook situation shows us is that no matter how sophisticated and experienced a company’s tech team is, guaranteeing the integrity and security of user data stored in a central database is impossible. There is no reason to believe our data is safe from hackers, a fact that does not help companies project a positive image of their brand.
With 50 million Facebook users affected in March and another 50 million in September, society is seriously beginning to question the company’s ability to safeguard our private information.
Centralized databases are the root of the problem
Tech companies like Facebook are valued largely for their enormous database of user information, which is essential to developing targeted marketing campaigns. However, technical or human error will inevitably lead to the vulnerability of personal data.
We may have reached a tipping point where users won’t stand for the risk of having their data stolen. There’s a growing reluctance to provide companies with personal information. Even when people decide to share their information, they are likely to be suspicious about how their information may be used, or if it will be protected adequately.
Any brand that wants to avoid an exodus of users and restore trust in their offerings needs to take action quickly.
Data Regulations Are No Solution to Users/Customers mistrust
GDPR and other regulations are important, and a huge step in the right direction, but they do not hold the answers that companies are looking for. While maintaining compliance with regulations matters, that won’t be the driving force to build customer trust. For that, privacy has to be protected, which leads us to believe that data must be decentralized.
Imagine a vault for your personal data. With a decentralized architecture, these vaults are immutable, continuously updated and give users exclusive access rights to their information, rather than a centralized authority. Without a central database to hack, the information is stored across different locations, which is all interconnected and distributed amongst different nodes of the network. Essentially, a decentralized network is self-regulating, self-sustainable and protected from any potential attacks.
The Arianee use case: a solution to fix the relation Brands/Owners
Arianee is the first company of its kind to offer such a solution. For now, the protocol is focused on the luxury goods industry, but its core concept of a decentralized system for private data eliminates all of the risk that most large companies run when storing user data.
The protocol includes the user vault - essentially an e-wallet used to store digital representations of valuable physical assets: watches, purses, jewelry and so on. Using a mobile device, users can gain access to their personal warranties, proofs of ownership, certificates of authenticity, and every other piece of identifying information.
However, in this system, all of the information remains entirely anonymous. Arianee and the companies authenticating the goods do not have access to the user’s data. The user truly owns their personal data, which is encrypted and stored safely. But how can a brand contact the user if they do not have his/her personal information?
It’s the Arianee user who decides how the brand of a product they own can contact them. The message goes through the system, without the brand having access to the contact information at any point. Instead, the brand would be sending a message to the actual product, rather than to its owner. The user is in total control of their own information, and data breaches become utterly impossible.
Facebook is very unlikely to decentralize its user data when so much of its value, as a company, is built on access to controlling that information. But, the data breach proves yet again that a central database is an outdated model for any company that manages digital data. Arianee is at the forefront of this movement, and soon any company that wants to attract customers will need to follow a similar model.