Another hack has made its way into the news, and this time the target is none other than the social media giant Facebook. Facebook announced last Friday through a blog post that nearly 50 million user accounts had been exploited through a zero-day vulnerability on its platform.
As of this post's writing, no group has claimed responsibility for the breach. What is known is that the breach stemmed from the “View As” feature, which allows users to see what their individual profiles look like to other users who browse them. The breach allowed hackers to view private personal information without the need for multi-factor authentication or any other type of password.
Facebook stated in a release,
“We’re taking this incredibly seriously and wanted to let everyone know what happened and the immediate action we’ve taken to protect people’s security”
Because of this, the “View As” feature has been temporarily disabled and upwards of 90 million people have been signed out. It is estimated that 50 million were affected, with the other 40 million being signed out as a precaution.
“An additional 14 million users were affected more deeply, having additional details taken related to their profiles, such as their recent search history, gender, educational background, geolocation data, birth dates, and lists of people and pages they follow.”
Users who have been signed out will simply need to log in again, and they will be presented with a notice explaining the situation and what has occurred. It is still unclear if any of the information that was accessed has been misused in any form.
This breach is just another blow to the social networking giant coming off of the Cambridge Analytica scandal. Additionally, it raises the question of whether the company is doing enough to protect the data of its nearly 2 billion users, data that it uses to generate most of its profits. It will be interesting to see what steps the social network takes in the future to remedy the situation and better protect its users' personal information.
In the meantime, we continue to urge caution and awareness in your online activities: only divulge what is absolutely necessary or information you don't mind being publicly available.
- The good news is that your passwords are safe and have not been compromised. This news is great for most users, especially those who use the same password for multiple accounts (which we at PCPC would strongly recommend against).
- Facebook announced that the breach occurred without the need or use of a password. Through the use of APIs, the hackers were able to download users' private information. The information that was available included things like private messages, photos, videos, and other personal information.
- The breach started on September 16th and was only discovered because of a massive spike in traffic on Facebook's servers. The spike in traffic triggered an investigation that eventually led to the discovery.
- The millions of individuals who use Facebook to log into third-party programs are still at risk of those third-party apps being compromised. Since the hackers used Facebook's “secret tokens” that allowed access to the accounts, this could potentially allow access to the third-party programs utilizing the Facebook login method.
- A simple way to check if your account has been compromised is to go to Settings, then click on “Security and Login.” From there you can review all the devices that have accessed your account. If anything comes up as unrecognized, you can simply revoke that session's access.