On Friday night, Facebook revealed that it had been hit by a security breach. A bug in one of Facebook’s features was exploited by unknown hackers, and more than 50 million Facebook accounts were directly compromised. An additional 40 million accounts were potentially compromised. Among the 50 million hacked accounts was that of Facebook founder and CEO Mark Zuckerberg. The account of Facebook’s Chief Operating Officer, Sheryl Sandberg, was also hacked.
According to a New York Times report, “Three software errors in the Facebook system allowed hackers to break into user accounts, including those of top officials Mark Zuckerberg and Sheryl Sandberg, according to two people familiar with the investigation but not allowed to discuss it publicly.”
In a dramatic turn for the worse in the social media giant’s horror year, a security flaw allowed hackers to reach 50 million Facebook accounts and potentially see people’s private posts and messages.
As well as exposing people’s personal information on Facebook, the flaw allowed the attackers to seize control of users’ Facebook accounts, Facebook said.
If you've been logged out of your account and asked to sign back in, it’s because we've discovered a security issue and are taking immediate action to protect people on Facebook. Learn more https://t.co/XLcHGYFBu2
— Facebook (@facebook) September 28, 2018
Vice President Guy Rosen said that where victims had used their Facebook login to log into third-party applications, information could also have been stolen from those sites, and that Facebook was taking the breach “very seriously”. Many popular apps, including Instagram, Spotify and Tinder, allow people to log in using their Facebook credentials as an alternative to setting up a unique login and password for those apps.
Rosen said that Facebook had been alerted on September 16, when it became aware of “massive” unusual activity, “something like spike in users”, and that the flaw that allowed the hacking was detected nine days later.
US$12 billion (NZ$18b) was wiped off the company’s value as investors began to digest the damage of the attack on the world’s largest social media firm.
Rosen said, “What we do know is that the attackers tried … access to profile information – such as name or gender or hometown.” Facebook had no evidence that hackers had reached “private message or post”, but its investigation was still in the initial stages and “that could change”, he warned.
Peter Bailey, general manager of Auckland security firm Aura Information Security, said that Kiwis were as likely to be affected by the hack as anyone, and that some Facebook users could leave Facebook as a result of the attack.
“I think it’s Cambridge Analytica again,” he said – referring to the scandal that began earlier this year, when it emerged that Cambridge Analytica had harvested the data of millions of Facebook users without their consent and used it for political purposes. Bailey said, “The question is how many knocks like this it can take before the effect really becomes serious.”
“This type of platform is about trust – its value is that people think that they can use it safely. We could see more people leave the platform, and this is clearly being priced into their stock price.”
Facebook has over 2 billion active users, but Bailey said only those who had configured their settings so that they stay permanently logged in to their Facebook account were affected.
He said these were people who did not log in and out of Facebook every time they used the social media site. Facebook said that it had logged out the 50 million people whose accounts were compromised, as well as 40 million people who were vulnerable to the attack.
The company said that users do not need to change their Facebook password. Bailey said logging out of Facebook should eliminate hackers’ access. Although people’s passwords were not compromised, he advised anyone who was affected to change their password as a precaution. “It seems that passwords were not exposed, but it is always worthwhile.
“It appears that a bug was introduced in July last year and Facebook detected it this month.”
Access to third party apps could be the bigger problem
In a call with reporters on Friday (local time), chief executive Mark Zuckerberg said the company does not know yet if any of the accounts that were hacked were misused.
Jake Williams, a security expert at US security firm Rendition Infosec, said that the potential impact on third-party applications was “a big concern” – referring to the “Facebook login” feature, which allows users to log in to other applications and websites using their Facebook credentials.
Facebook said the hackers had exploited a bug in Facebook’s “View As” feature, which allows people to see how their profiles look to others.
The attackers used the vulnerability to steal “access tokens”, which are digital keys that keep Facebook users logged in. Capturing those tokens would allow the attackers to control those accounts.
Rosen confirmed that access tokens would be sufficient to reach a user’s account on third party sites.
“The vulnerability was on Facebook, but these access tokens enabled someone to use the account as if they were the account holders themselves.” This means they could reach other third parties.
‘It’s yet another warning’
Ed Mierzwinski, the senior director of consumer advocacy group US PIRG, said the breach was “very troubling”.
“It’s yet another warning that Congress must not enact any national data security or data breach legislation that weakens current state privacy laws, pre-empts the rights of states to pass new laws that protect their consumers better, or denies their attorneys general rights to investigate violations of or enforce those laws,” he said in a statement.
Analyst Michael Pachter said, “the most important point is that we found out from them,” meaning Facebook, as opposed to a third party.
“As a user, I want Facebook to proactively protect my data and let me know when it’s compromised,” Mr Pachter said. “Shareholders should ultimately approve of Facebook’s handling of the issue.”